1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * This is the new netlink-based wireless configuration interface.
4 *
5 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
6 * Copyright 2013-2014 Intel Mobile Communications GmbH
7 * Copyright 2015-2017 Intel Deutschland GmbH
8 * Copyright (C) 2018-2026 Intel Corporation
9 */
10
11 #include <linux/if.h>
12 #include <linux/module.h>
13 #include <linux/err.h>
14 #include <linux/slab.h>
15 #include <linux/list.h>
16 #include <linux/if_ether.h>
17 #include <linux/ieee80211.h>
18 #include <linux/nl80211.h>
19 #include <linux/rtnetlink.h>
20 #include <linux/netlink.h>
21 #include <linux/nospec.h>
22 #include <linux/etherdevice.h>
23 #include <linux/if_vlan.h>
24 #include <linux/random.h>
25 #include <net/net_namespace.h>
26 #include <net/genetlink.h>
27 #include <net/cfg80211.h>
28 #include <net/sock.h>
29 #include <net/inet_connection_sock.h>
30 #include "core.h"
31 #include "nl80211.h"
32 #include "reg.h"
33 #include "rdev-ops.h"
34
35 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
36 struct genl_info *info,
37 struct cfg80211_crypto_settings *settings,
38 int cipher_limit);
39
40 /* the netlink family */
41 static struct genl_family nl80211_fam;
42
43 /* multicast groups */
44 enum nl80211_multicast_groups {
45 NL80211_MCGRP_CONFIG,
46 NL80211_MCGRP_SCAN,
47 NL80211_MCGRP_REGULATORY,
48 NL80211_MCGRP_MLME,
49 NL80211_MCGRP_VENDOR,
50 NL80211_MCGRP_NAN,
51 NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
52 };
53
54 static const struct genl_multicast_group nl80211_mcgrps[] = {
55 [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
56 [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
57 [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
58 [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
59 [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
60 [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
61 #ifdef CONFIG_NL80211_TESTMODE
62 [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
63 #endif
64 };
65
66 /* returns ERR_PTR values */
67 static struct wireless_dev *
__cfg80211_wdev_from_attrs(struct cfg80211_registered_device * rdev,struct net * netns,struct nlattr ** attrs)68 __cfg80211_wdev_from_attrs(struct cfg80211_registered_device *rdev,
69 struct net *netns, struct nlattr **attrs)
70 {
71 struct wireless_dev *result = NULL;
72 bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
73 bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
74 u64 wdev_id = 0;
75 int wiphy_idx = -1;
76 int ifidx = -1;
77
78 if (!have_ifidx && !have_wdev_id)
79 return ERR_PTR(-EINVAL);
80
81 if (have_ifidx)
82 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
83 if (have_wdev_id) {
84 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
85 wiphy_idx = wdev_id >> 32;
86 }
87
88 if (rdev) {
89 struct wireless_dev *wdev;
90
91 lockdep_assert_held(&rdev->wiphy.mtx);
92
93 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
94 if (have_ifidx && wdev->netdev &&
95 wdev->netdev->ifindex == ifidx) {
96 result = wdev;
97 break;
98 }
99 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
100 result = wdev;
101 break;
102 }
103 }
104
105 return result ?: ERR_PTR(-ENODEV);
106 }
107
108 ASSERT_RTNL();
109
110 for_each_rdev(rdev) {
111 struct wireless_dev *wdev;
112
113 if (wiphy_net(&rdev->wiphy) != netns)
114 continue;
115
116 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
117 continue;
118
119 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
120 if (have_ifidx && wdev->netdev &&
121 wdev->netdev->ifindex == ifidx) {
122 result = wdev;
123 break;
124 }
125 if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
126 result = wdev;
127 break;
128 }
129 }
130
131 if (result)
132 break;
133 }
134
135 if (result)
136 return result;
137 return ERR_PTR(-ENODEV);
138 }
139
140 static struct cfg80211_registered_device *
__cfg80211_rdev_from_attrs(struct net * netns,struct nlattr ** attrs)141 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
142 {
143 struct cfg80211_registered_device *rdev = NULL, *tmp;
144 struct net_device *netdev;
145
146 ASSERT_RTNL();
147
148 if (!attrs[NL80211_ATTR_WIPHY] &&
149 !attrs[NL80211_ATTR_IFINDEX] &&
150 !attrs[NL80211_ATTR_WDEV])
151 return ERR_PTR(-EINVAL);
152
153 if (attrs[NL80211_ATTR_WIPHY])
154 rdev = cfg80211_rdev_by_wiphy_idx(
155 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
156
157 if (attrs[NL80211_ATTR_WDEV]) {
158 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
159 struct wireless_dev *wdev;
160 bool found = false;
161
162 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
163 if (tmp) {
164 /* make sure wdev exists */
165 list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
166 if (wdev->identifier != (u32)wdev_id)
167 continue;
168 found = true;
169 break;
170 }
171
172 if (!found)
173 tmp = NULL;
174
175 if (rdev && tmp != rdev)
176 return ERR_PTR(-EINVAL);
177 rdev = tmp;
178 }
179 }
180
181 if (attrs[NL80211_ATTR_IFINDEX]) {
182 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
183
184 netdev = __dev_get_by_index(netns, ifindex);
185 if (netdev) {
186 if (netdev->ieee80211_ptr)
187 tmp = wiphy_to_rdev(
188 netdev->ieee80211_ptr->wiphy);
189 else
190 tmp = NULL;
191
192 /* not wireless device -- return error */
193 if (!tmp)
194 return ERR_PTR(-EINVAL);
195
196 /* mismatch -- return error */
197 if (rdev && tmp != rdev)
198 return ERR_PTR(-EINVAL);
199
200 rdev = tmp;
201 }
202 }
203
204 if (!rdev)
205 return ERR_PTR(-ENODEV);
206
207 if (netns != wiphy_net(&rdev->wiphy))
208 return ERR_PTR(-ENODEV);
209
210 return rdev;
211 }
212
213 /*
214 * This function returns a pointer to the driver
215 * that the genl_info item that is passed refers to.
216 *
217 * The result of this can be a PTR_ERR and hence must
218 * be checked with IS_ERR() for errors.
219 */
220 static struct cfg80211_registered_device *
cfg80211_get_dev_from_info(struct net * netns,struct genl_info * info)221 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
222 {
223 return __cfg80211_rdev_from_attrs(netns, info->attrs);
224 }
225
validate_beacon_head(const struct nlattr * attr,struct netlink_ext_ack * extack)226 static int validate_beacon_head(const struct nlattr *attr,
227 struct netlink_ext_ack *extack)
228 {
229 const u8 *data = nla_data(attr);
230 unsigned int len = nla_len(attr);
231 const struct element *elem;
232 const struct ieee80211_mgmt *mgmt = (void *)data;
233 const struct ieee80211_ext *ext;
234 unsigned int fixedlen, hdrlen;
235 bool s1g_bcn;
236
237 if (len < offsetofend(typeof(*mgmt), frame_control))
238 goto err;
239
240 s1g_bcn = ieee80211_is_s1g_beacon(mgmt->frame_control);
241 if (s1g_bcn) {
242 ext = (struct ieee80211_ext *)mgmt;
243 fixedlen =
244 offsetof(struct ieee80211_ext, u.s1g_beacon.variable) +
245 ieee80211_s1g_optional_len(ext->frame_control);
246 hdrlen = offsetof(struct ieee80211_ext, u.s1g_beacon);
247 } else {
248 fixedlen = offsetof(struct ieee80211_mgmt,
249 u.beacon.variable);
250 hdrlen = offsetof(struct ieee80211_mgmt, u.beacon);
251 }
252
253 if (len < fixedlen)
254 goto err;
255
256 if (ieee80211_hdrlen(mgmt->frame_control) != hdrlen)
257 goto err;
258
259 data += fixedlen;
260 len -= fixedlen;
261
262 for_each_element(elem, data, len) {
263 /* nothing */
264 }
265
266 if (for_each_element_completed(elem, data, len))
267 return 0;
268
269 err:
270 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head");
271 return -EINVAL;
272 }
273
validate_ie_attr(const struct nlattr * attr,struct netlink_ext_ack * extack)274 static int validate_ie_attr(const struct nlattr *attr,
275 struct netlink_ext_ack *extack)
276 {
277 const u8 *data = nla_data(attr);
278 unsigned int len = nla_len(attr);
279 const struct element *elem;
280
281 for_each_element(elem, data, len) {
282 /* nothing */
283 }
284
285 if (for_each_element_completed(elem, data, len))
286 return 0;
287
288 NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
289 return -EINVAL;
290 }
291
validate_he_capa(const struct nlattr * attr,struct netlink_ext_ack * extack)292 static int validate_he_capa(const struct nlattr *attr,
293 struct netlink_ext_ack *extack)
294 {
295 if (!ieee80211_he_capa_size_ok(nla_data(attr), nla_len(attr)))
296 return -EINVAL;
297
298 return 0;
299 }
300
validate_supported_selectors(const struct nlattr * attr,struct netlink_ext_ack * extack)301 static int validate_supported_selectors(const struct nlattr *attr,
302 struct netlink_ext_ack *extack)
303 {
304 const u8 *supported_selectors = nla_data(attr);
305 u8 supported_selectors_len = nla_len(attr);
306
307 /* The top bit must not be set as it is not part of the selector */
308 for (int i = 0; i < supported_selectors_len; i++) {
309 if (supported_selectors[i] & 0x80)
310 return -EINVAL;
311 }
312
313 return 0;
314 }
315
validate_nan_cluster_id(const struct nlattr * attr,struct netlink_ext_ack * extack)316 static int validate_nan_cluster_id(const struct nlattr *attr,
317 struct netlink_ext_ack *extack)
318 {
319 const u8 *data = nla_data(attr);
320 unsigned int len = nla_len(attr);
321 static const u8 cluster_id_prefix[4] = {0x50, 0x6f, 0x9a, 0x1};
322
323 if (len != ETH_ALEN) {
324 NL_SET_ERR_MSG_ATTR(extack, attr, "bad cluster id length");
325 return -EINVAL;
326 }
327
328 if (memcmp(data, cluster_id_prefix, sizeof(cluster_id_prefix))) {
329 NL_SET_ERR_MSG_ATTR(extack, attr, "invalid cluster id prefix");
330 return -EINVAL;
331 }
332
333 return 0;
334 }
335
validate_nan_avail_blob(const struct nlattr * attr,struct netlink_ext_ack * extack)336 static int validate_nan_avail_blob(const struct nlattr *attr,
337 struct netlink_ext_ack *extack)
338 {
339 const u8 *data = nla_data(attr);
340 unsigned int len = nla_len(attr);
341 u16 attr_len;
342
343 /* Need at least: Attr ID (1) + Length (2) */
344 if (len < 3) {
345 NL_SET_ERR_MSG_FMT(extack,
346 "NAN Availability: Too short (need at least 3 bytes, have %u)",
347 len);
348 return -EINVAL;
349 }
350
351 if (data[0] != 0x12) {
352 NL_SET_ERR_MSG_FMT(extack,
353 "NAN Availability: Invalid Attribute ID 0x%02x (expected 0x12)",
354 data[0]);
355 return -EINVAL;
356 }
357
358 attr_len = get_unaligned_le16(&data[1]);
359
360 if (attr_len != len - 3) {
361 NL_SET_ERR_MSG_FMT(extack,
362 "NAN Availability: Length field (%u) doesn't match data length (%u)",
363 attr_len, len - 3);
364 return -EINVAL;
365 }
366
367 return 0;
368 }
369
validate_nan_ulw(const struct nlattr * attr,struct netlink_ext_ack * extack)370 static int validate_nan_ulw(const struct nlattr *attr,
371 struct netlink_ext_ack *extack)
372 {
373 const u8 *data = nla_data(attr);
374 unsigned int len = nla_len(attr);
375 unsigned int pos = 0;
376
377 while (pos < len) {
378 u16 attr_len;
379
380 /* Need at least: Attr ID (1) + Length (2) */
381 if (pos + 3 > len) {
382 NL_SET_ERR_MSG_FMT(extack,
383 "ULW: Incomplete header (need 3 bytes, have %u)",
384 len - pos);
385 return -EINVAL;
386 }
387
388 if (data[pos] != 0x17) {
389 NL_SET_ERR_MSG_FMT(extack,
390 "ULW: Invalid Attribute ID 0x%02x (expected 0x17)",
391 data[pos]);
392 return -EINVAL;
393 }
394 pos++;
395
396 /* Length is in little-endian format */
397 attr_len = get_unaligned_le16(&data[pos]);
398 pos += 2;
399
400 /*
401 * Check if length is one of the valid values: 16 (no
402 * channel/band entry included), 18 (band entry included),
403 * 21 (channel entry included without Auxiliary channel bitmap),
404 * or 23 (channel entry included with Auxiliary channel bitmap).
405 */
406 if (attr_len != 16 && attr_len != 18 && attr_len != 21 &&
407 attr_len != 23) {
408 NL_SET_ERR_MSG_FMT(extack,
409 "ULW: Invalid length %u (must be 16, 18, 21, or 23)",
410 attr_len);
411 return -EINVAL;
412 }
413
414 if (pos + attr_len > len) {
415 NL_SET_ERR_MSG_FMT(extack,
416 "ULW: Length field (%u) exceeds remaining data (%u)",
417 attr_len, len - pos);
418 return -EINVAL;
419 }
420
421 pos += attr_len;
422 }
423
424 return 0;
425 }
426
validate_uhr_capa(const struct nlattr * attr,struct netlink_ext_ack * extack)427 static int validate_uhr_capa(const struct nlattr *attr,
428 struct netlink_ext_ack *extack)
429 {
430 const u8 *data = nla_data(attr);
431 unsigned int len = nla_len(attr);
432
433 if (!ieee80211_uhr_capa_size_ok(data, len, false))
434 return -EINVAL;
435 return 0;
436 }
437
validate_uhr_operation(const struct nlattr * attr,struct netlink_ext_ack * extack)438 static int validate_uhr_operation(const struct nlattr *attr,
439 struct netlink_ext_ack *extack)
440 {
441 const u8 *data = nla_data(attr);
442 unsigned int len = nla_len(attr);
443
444 if (!ieee80211_uhr_oper_size_ok(data, len, false))
445 return -EINVAL;
446 return 0;
447 }
448
449 /* policy for the attributes */
450 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR];
451
452 static const struct nla_policy
453 nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
454 [NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
455 [NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
456 .len = U8_MAX },
457 [NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
458 .len = U8_MAX },
459 };
460
461 static const struct nla_policy
462 nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
463 [NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
464 [NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
465 [NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
466 NLA_POLICY_MAX(NLA_U8, 15),
467 [NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
468 [NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
469 NLA_POLICY_MAX(NLA_U8, 15),
470 [NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] = { .type = NLA_U8 },
471 [NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
472 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
473 [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
474 [NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED] = { .type = NLA_FLAG },
475 [NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED] = { .type = NLA_FLAG },
476 [NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK] = { .type = NLA_FLAG },
477 [NL80211_PMSR_FTM_REQ_ATTR_BSS_COLOR] = { .type = NLA_U8 },
478 [NL80211_PMSR_FTM_REQ_ATTR_RSTA] = { .type = NLA_FLAG },
479 };
480
481 static const struct nla_policy
482 nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
483 [NL80211_PMSR_TYPE_FTM] =
484 NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
485 };
486
487 static const struct nla_policy
488 nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
489 [NL80211_PMSR_REQ_ATTR_DATA] =
490 NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
491 [NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
492 };
493
494 static const struct nla_policy
495 nl80211_pmsr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
496 [NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
497 [NL80211_PMSR_PEER_ATTR_CHAN] = NLA_POLICY_NESTED(nl80211_policy),
498 [NL80211_PMSR_PEER_ATTR_REQ] =
499 NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
500 [NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
501 };
502
503 static const struct nla_policy
504 nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
505 [NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
506 [NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
507 [NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
508 [NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
509 [NL80211_PMSR_ATTR_PEERS] =
510 NLA_POLICY_NESTED_ARRAY(nl80211_pmsr_peer_attr_policy),
511 };
512
513 static const struct nla_policy
514 he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = {
515 [NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] =
516 NLA_POLICY_RANGE(NLA_U8, 1, 20),
517 [NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] =
518 NLA_POLICY_RANGE(NLA_U8, 1, 20),
519 [NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET] =
520 NLA_POLICY_RANGE(NLA_U8, 1, 20),
521 [NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP] =
522 NLA_POLICY_EXACT_LEN(8),
523 [NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP] =
524 NLA_POLICY_EXACT_LEN(8),
525 [NL80211_HE_OBSS_PD_ATTR_SR_CTRL] = { .type = NLA_U8 },
526 };
527
528 static const struct nla_policy
529 he_bss_color_policy[NL80211_HE_BSS_COLOR_ATTR_MAX + 1] = {
530 [NL80211_HE_BSS_COLOR_ATTR_COLOR] = NLA_POLICY_RANGE(NLA_U8, 1, 63),
531 [NL80211_HE_BSS_COLOR_ATTR_DISABLED] = { .type = NLA_FLAG },
532 [NL80211_HE_BSS_COLOR_ATTR_PARTIAL] = { .type = NLA_FLAG },
533 };
534
535 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
536 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
537 .len = NL80211_MAX_SUPP_RATES },
538 [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
539 .len = NL80211_MAX_SUPP_HT_RATES },
540 [NL80211_TXRATE_VHT] = NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_txrate_vht)),
541 [NL80211_TXRATE_GI] = { .type = NLA_U8 },
542 [NL80211_TXRATE_HE] = NLA_POLICY_EXACT_LEN(sizeof(struct nl80211_txrate_he)),
543 [NL80211_TXRATE_HE_GI] = NLA_POLICY_RANGE(NLA_U8,
544 NL80211_RATE_INFO_HE_GI_0_8,
545 NL80211_RATE_INFO_HE_GI_3_2),
546 [NL80211_TXRATE_HE_LTF] = NLA_POLICY_RANGE(NLA_U8,
547 NL80211_RATE_INFO_HE_1XLTF,
548 NL80211_RATE_INFO_HE_4XLTF),
549 [NL80211_TXRATE_EHT] = NLA_POLICY_EXACT_LEN(sizeof(struct nl80211_txrate_eht)),
550 [NL80211_TXRATE_EHT_GI] = NLA_POLICY_RANGE(NLA_U8,
551 NL80211_RATE_INFO_EHT_GI_0_8,
552 NL80211_RATE_INFO_EHT_GI_3_2),
553 [NL80211_TXRATE_EHT_LTF] = NLA_POLICY_RANGE(NLA_U8,
554 NL80211_RATE_INFO_EHT_1XLTF,
555 NL80211_RATE_INFO_EHT_8XLTF),
556
557 };
558
559 static const struct nla_policy
560 nl80211_tid_config_attr_policy[NL80211_TID_CONFIG_ATTR_MAX + 1] = {
561 [NL80211_TID_CONFIG_ATTR_VIF_SUPP] = { .type = NLA_U64 },
562 [NL80211_TID_CONFIG_ATTR_PEER_SUPP] = { .type = NLA_U64 },
563 [NL80211_TID_CONFIG_ATTR_OVERRIDE] = { .type = NLA_FLAG },
564 [NL80211_TID_CONFIG_ATTR_TIDS] = NLA_POLICY_RANGE(NLA_U16, 1, 0xff),
565 [NL80211_TID_CONFIG_ATTR_NOACK] =
566 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
567 [NL80211_TID_CONFIG_ATTR_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
568 [NL80211_TID_CONFIG_ATTR_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
569 [NL80211_TID_CONFIG_ATTR_AMPDU_CTRL] =
570 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
571 [NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL] =
572 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
573 [NL80211_TID_CONFIG_ATTR_AMSDU_CTRL] =
574 NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
575 [NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE] =
576 NLA_POLICY_MAX(NLA_U8, NL80211_TX_RATE_FIXED),
577 [NL80211_TID_CONFIG_ATTR_TX_RATE] =
578 NLA_POLICY_NESTED(nl80211_txattr_policy),
579 };
580
581 static const struct nla_policy
582 nl80211_fils_discovery_policy[NL80211_FILS_DISCOVERY_ATTR_MAX + 1] = {
583 [NL80211_FILS_DISCOVERY_ATTR_INT_MIN] = NLA_POLICY_MAX(NLA_U32, 10000),
584 [NL80211_FILS_DISCOVERY_ATTR_INT_MAX] = NLA_POLICY_MAX(NLA_U32, 10000),
585 [NL80211_FILS_DISCOVERY_ATTR_TMPL] =
586 NLA_POLICY_RANGE(NLA_BINARY,
587 NL80211_FILS_DISCOVERY_TMPL_MIN_LEN,
588 IEEE80211_MAX_DATA_LEN),
589 };
590
591 static const struct nla_policy
592 nl80211_unsol_bcast_probe_resp_policy[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1] = {
593 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] = NLA_POLICY_MAX(NLA_U32, 20),
594 [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL] = { .type = NLA_BINARY,
595 .len = IEEE80211_MAX_DATA_LEN }
596 };
597
598 static const struct nla_policy
599 sar_specs_policy[NL80211_SAR_ATTR_SPECS_MAX + 1] = {
600 [NL80211_SAR_ATTR_SPECS_POWER] = { .type = NLA_S32 },
601 [NL80211_SAR_ATTR_SPECS_RANGE_INDEX] = {.type = NLA_U32 },
602 };
603
604 static const struct nla_policy
605 sar_policy[NL80211_SAR_ATTR_MAX + 1] = {
606 [NL80211_SAR_ATTR_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_SAR_TYPE),
607 [NL80211_SAR_ATTR_SPECS] = NLA_POLICY_NESTED_ARRAY(sar_specs_policy),
608 };
609
610 static const struct nla_policy
611 nl80211_mbssid_config_policy[NL80211_MBSSID_CONFIG_ATTR_MAX + 1] = {
612 [NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES] = NLA_POLICY_MIN(NLA_U8, 2),
613 [NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY] =
614 NLA_POLICY_MIN(NLA_U8, 1),
615 [NL80211_MBSSID_CONFIG_ATTR_INDEX] = { .type = NLA_U8 },
616 [NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX] = { .type = NLA_U32 },
617 [NL80211_MBSSID_CONFIG_ATTR_EMA] = { .type = NLA_FLAG },
618 [NL80211_MBSSID_CONFIG_ATTR_TX_LINK_ID] =
619 NLA_POLICY_MAX(NLA_U8, IEEE80211_MLD_MAX_NUM_LINKS),
620 };
621
622 static const struct nla_policy
623 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
624 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
625 [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
626 };
627
628 static const struct nla_policy
629 nl80211_s1g_short_beacon[NL80211_S1G_SHORT_BEACON_ATTR_MAX + 1] = {
630 [NL80211_S1G_SHORT_BEACON_ATTR_HEAD] =
631 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
632 IEEE80211_MAX_DATA_LEN),
633 [NL80211_S1G_SHORT_BEACON_ATTR_TAIL] =
634 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
635 IEEE80211_MAX_DATA_LEN),
636 };
637
638 static const struct nla_policy
639 nl80211_nan_band_conf_policy[NL80211_NAN_BAND_CONF_ATTR_MAX + 1] = {
640 [NL80211_NAN_BAND_CONF_BAND] = NLA_POLICY_MAX(NLA_U8,
641 NUM_NL80211_BANDS - 1),
642 [NL80211_NAN_BAND_CONF_FREQ] = { .type = NLA_U16 },
643 [NL80211_NAN_BAND_CONF_RSSI_CLOSE] = NLA_POLICY_MIN(NLA_S8, -59),
644 [NL80211_NAN_BAND_CONF_RSSI_MIDDLE] = NLA_POLICY_MIN(NLA_S8, -74),
645 [NL80211_NAN_BAND_CONF_WAKE_DW] = NLA_POLICY_MAX(NLA_U8, 5),
646 [NL80211_NAN_BAND_CONF_DISABLE_SCAN] = { .type = NLA_FLAG },
647 };
648
649 static const struct nla_policy
650 nl80211_nan_peer_map_policy[NL80211_NAN_PEER_MAP_ATTR_MAX + 1] = {
651 [NL80211_NAN_PEER_MAP_ATTR_MAP_ID] = NLA_POLICY_MAX(NLA_U8, 15),
652 [NL80211_NAN_PEER_MAP_ATTR_TIME_SLOTS] =
653 NLA_POLICY_EXACT_LEN(CFG80211_NAN_SCHED_NUM_TIME_SLOTS),
654 };
655
656 static const struct nla_policy
657 nl80211_nan_conf_policy[NL80211_NAN_CONF_ATTR_MAX + 1] = {
658 [NL80211_NAN_CONF_CLUSTER_ID] =
659 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_nan_cluster_id,
660 ETH_ALEN),
661 [NL80211_NAN_CONF_EXTRA_ATTRS] = { .type = NLA_BINARY,
662 .len = IEEE80211_MAX_DATA_LEN},
663 [NL80211_NAN_CONF_VENDOR_ELEMS] =
664 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
665 IEEE80211_MAX_DATA_LEN),
666 [NL80211_NAN_CONF_BAND_CONFIGS] =
667 NLA_POLICY_NESTED_ARRAY(nl80211_nan_band_conf_policy),
668 [NL80211_NAN_CONF_SCAN_PERIOD] = { .type = NLA_U16 },
669 [NL80211_NAN_CONF_SCAN_DWELL_TIME] = NLA_POLICY_RANGE(NLA_U16, 50, 512),
670 [NL80211_NAN_CONF_DISCOVERY_BEACON_INTERVAL] =
671 NLA_POLICY_RANGE(NLA_U8, 50, 200),
672 [NL80211_NAN_CONF_NOTIFY_DW] = { .type = NLA_FLAG },
673 };
674
675 static const struct netlink_range_validation nl80211_punct_bitmap_range = {
676 .min = 0,
677 .max = 0xffff,
678 };
679
680 static const struct netlink_range_validation q_range = {
681 .max = INT_MAX,
682 };
683
684 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
685 [0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
686 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
687 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
688 .len = 20-1 },
689 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
690
691 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
692 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
693 [NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8,
694 NL80211_EDMG_CHANNELS_MIN,
695 NL80211_EDMG_CHANNELS_MAX),
696 [NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8,
697 NL80211_EDMG_BW_CONFIG_MIN,
698 NL80211_EDMG_BW_CONFIG_MAX),
699
700 [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
701 [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
702 [NL80211_ATTR_CENTER_FREQ1_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
703 [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
704
705 [NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
706 [NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
707 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
708 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
709 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
710 [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
711
712 [NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
713 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
714 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
715
716 [NL80211_ATTR_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
717 [NL80211_ATTR_PREV_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
718
719 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
720 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
721 .len = WLAN_MAX_KEY_LEN },
722 [NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 7),
723 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
724 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
725 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
726 [NL80211_ATTR_KEY_TYPE] =
727 NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
728
729 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
730 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
731 [NL80211_ATTR_BEACON_HEAD] =
732 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
733 IEEE80211_MAX_DATA_LEN),
734 [NL80211_ATTR_BEACON_TAIL] =
735 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
736 IEEE80211_MAX_DATA_LEN),
737 [NL80211_ATTR_STA_AID] =
738 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
739 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
740 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
741 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
742 .len = NL80211_MAX_SUPP_RATES },
743 [NL80211_ATTR_STA_PLINK_ACTION] =
744 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
745 [NL80211_ATTR_STA_TX_POWER_SETTING] =
746 NLA_POLICY_RANGE(NLA_U8,
747 NL80211_TX_POWER_AUTOMATIC,
748 NL80211_TX_POWER_FIXED),
749 [NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
750 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
751 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
752 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
753 .len = IEEE80211_MAX_MESH_ID_LEN },
754 [NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT,
755
756 /* allow 3 for NUL-termination, we used to declare this NLA_STRING */
757 [NL80211_ATTR_REG_ALPHA2] = NLA_POLICY_RANGE(NLA_BINARY, 2, 3),
758 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
759
760 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
761 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
762 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
763 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
764 .len = NL80211_MAX_SUPP_RATES },
765 [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
766
767 [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
768 [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
769
770 [NL80211_ATTR_HT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_HT_CAPABILITY_LEN),
771
772 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
773 [NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
774 validate_ie_attr,
775 IEEE80211_MAX_DATA_LEN),
776 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
777 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
778
779 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
780 .len = IEEE80211_MAX_SSID_LEN },
781 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
782 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
783 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
784 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
785 [NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
786 NL80211_MFP_NO,
787 NL80211_MFP_OPTIONAL),
788 [NL80211_ATTR_STA_FLAGS2] =
789 NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_sta_flag_update)),
790 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
791 [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
792 [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
793 [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
794 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
795 [NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
796 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
797 [NL80211_ATTR_WPA_VERSIONS] =
798 NLA_POLICY_RANGE(NLA_U32, 0,
799 NL80211_WPA_VERSION_1 |
800 NL80211_WPA_VERSION_2 |
801 NL80211_WPA_VERSION_3),
802 [NL80211_ATTR_PID] = { .type = NLA_U32 },
803 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
804 [NL80211_ATTR_PMKID] = NLA_POLICY_EXACT_LEN_WARN(WLAN_PMKID_LEN),
805 [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
806 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
807 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
808 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
809 .len = IEEE80211_MAX_DATA_LEN },
810 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
811 [NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
812 NL80211_PS_DISABLED,
813 NL80211_PS_ENABLED),
814 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
815 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
816 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
817 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
818 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
819 [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
820 [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
821 [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
822 [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
823 [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
824 [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
825 [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
826 [NL80211_ATTR_STA_PLINK_STATE] =
827 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
828 [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
829 [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
830 [NL80211_ATTR_MESH_PEER_AID] =
831 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
832 [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
833 [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
834 [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
835 [NL80211_ATTR_HIDDEN_SSID] =
836 NLA_POLICY_RANGE(NLA_U32,
837 NL80211_HIDDEN_SSID_NOT_IN_USE,
838 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
839 [NL80211_ATTR_IE_PROBE_RESP] =
840 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
841 IEEE80211_MAX_DATA_LEN),
842 [NL80211_ATTR_IE_ASSOC_RESP] =
843 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
844 IEEE80211_MAX_DATA_LEN),
845 [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
846 [NL80211_ATTR_STA_WME] = NLA_POLICY_NESTED(nl80211_sta_wme_policy),
847 [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
848 [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
849 [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
850 [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
851 [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
852 [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
853 [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
854 [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
855 [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
856 [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
857 .len = IEEE80211_MAX_DATA_LEN },
858 [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
859 [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
860 [NL80211_ATTR_HT_CAPABILITY_MASK] = {
861 .len = NL80211_HT_CAPABILITY_LEN
862 },
863 [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
864 [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
865 [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
866 [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
867 [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
868
869 /* need to include at least Auth Transaction and Status Code */
870 [NL80211_ATTR_AUTH_DATA] = NLA_POLICY_MIN_LEN(4),
871
872 [NL80211_ATTR_VHT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_VHT_CAPABILITY_LEN),
873 [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
874 [NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
875 [NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
876 [NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
877 NLA_POLICY_RANGE(NLA_U32,
878 NL80211_MESH_POWER_UNKNOWN + 1,
879 NL80211_MESH_POWER_MAX),
880 [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
881 [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
882 [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
883 [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
884 [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
885 [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
886 [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
887 .len = NL80211_VHT_CAPABILITY_LEN,
888 },
889 [NL80211_ATTR_MDID] = { .type = NLA_U16 },
890 [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
891 .len = IEEE80211_MAX_DATA_LEN },
892 [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
893 [NL80211_ATTR_MAX_CRIT_PROT_DURATION] =
894 NLA_POLICY_MAX(NLA_U16, NL80211_CRIT_PROTO_MAX_DURATION),
895 [NL80211_ATTR_PEER_AID] =
896 NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
897 [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
898 [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
899 [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
900 [NL80211_ATTR_CNTDWN_OFFS_BEACON] = { .type = NLA_BINARY },
901 [NL80211_ATTR_CNTDWN_OFFS_PRESP] = { .type = NLA_BINARY },
902 [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = NLA_POLICY_MIN_LEN(2),
903 /*
904 * The value of the Length field of the Supported Operating
905 * Classes element is between 2 and 253.
906 */
907 [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] =
908 NLA_POLICY_RANGE(NLA_BINARY, 2, 253),
909 [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
910 [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
911 [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
912 [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
913 [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
914 [NL80211_ATTR_QOS_MAP] = NLA_POLICY_RANGE(NLA_BINARY,
915 IEEE80211_QOS_MAP_LEN_MIN,
916 IEEE80211_QOS_MAP_LEN_MAX),
917 [NL80211_ATTR_MAC_HINT] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
918 [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
919 [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
920 [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
921 [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
922 [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
923 [NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
924 [NL80211_ATTR_USER_PRIO] =
925 NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
926 [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
927 [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
928 [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
929 [NL80211_ATTR_MAC_MASK] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
930 [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
931 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
932 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
933 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
934 [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
935 [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
936 [NL80211_ATTR_STA_SUPPORT_P2P_PS] =
937 NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
938 [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
939 .len = VHT_MUMIMO_GROUPS_DATA_LEN
940 },
941 [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
942 [NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
943 [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
944 [NL80211_ATTR_NAN_CONFIG] = NLA_POLICY_NESTED(nl80211_nan_conf_policy),
945 [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
946 [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
947 .len = FILS_MAX_KEK_LEN },
948 [NL80211_ATTR_FILS_NONCES] = NLA_POLICY_EXACT_LEN_WARN(2 * FILS_NONCE_LEN),
949 [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
950 [NL80211_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
951 [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
952 [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
953 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
954 },
955 [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
956 [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
957 .len = FILS_ERP_MAX_USERNAME_LEN },
958 [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
959 .len = FILS_ERP_MAX_REALM_LEN },
960 [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
961 [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
962 .len = FILS_ERP_MAX_RRK_LEN },
963 [NL80211_ATTR_FILS_CACHE_ID] = NLA_POLICY_EXACT_LEN_WARN(2),
964 [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
965 [NL80211_ATTR_PMKR0_NAME] = NLA_POLICY_EXACT_LEN(WLAN_PMK_NAME_LEN),
966 [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
967 [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
968
969 [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
970 [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
971 [NL80211_ATTR_TXQ_QUANTUM] = NLA_POLICY_FULL_RANGE(NLA_U32, &q_range),
972 [NL80211_ATTR_HE_CAPABILITY] =
973 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_he_capa,
974 NL80211_HE_MAX_CAPABILITY_LEN),
975 [NL80211_ATTR_FTM_RESPONDER] =
976 NLA_POLICY_NESTED(nl80211_ftm_responder_policy),
977 [NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
978 [NL80211_ATTR_PEER_MEASUREMENTS] =
979 NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
980 [NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
981 [NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
982 .len = SAE_PASSWORD_MAX_LEN },
983 [NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
984 [NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy),
985 [NL80211_ATTR_VLAN_ID] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2),
986 [NL80211_ATTR_HE_BSS_COLOR] = NLA_POLICY_NESTED(he_bss_color_policy),
987 [NL80211_ATTR_TID_CONFIG] =
988 NLA_POLICY_NESTED_ARRAY(nl80211_tid_config_attr_policy),
989 [NL80211_ATTR_CONTROL_PORT_NO_PREAUTH] = { .type = NLA_FLAG },
990 [NL80211_ATTR_PMK_LIFETIME] = NLA_POLICY_MIN(NLA_U32, 1),
991 [NL80211_ATTR_PMK_REAUTH_THRESHOLD] = NLA_POLICY_RANGE(NLA_U8, 1, 100),
992 [NL80211_ATTR_RECEIVE_MULTICAST] = { .type = NLA_FLAG },
993 [NL80211_ATTR_WIPHY_FREQ_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
994 [NL80211_ATTR_SCAN_FREQ_KHZ] = { .type = NLA_NESTED },
995 [NL80211_ATTR_HE_6GHZ_CAPABILITY] =
996 NLA_POLICY_EXACT_LEN(sizeof(struct ieee80211_he_6ghz_capa)),
997 [NL80211_ATTR_FILS_DISCOVERY] =
998 NLA_POLICY_NESTED(nl80211_fils_discovery_policy),
999 [NL80211_ATTR_UNSOL_BCAST_PROBE_RESP] =
1000 NLA_POLICY_NESTED(nl80211_unsol_bcast_probe_resp_policy),
1001 [NL80211_ATTR_S1G_CAPABILITY] =
1002 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
1003 [NL80211_ATTR_S1G_CAPABILITY_MASK] =
1004 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
1005 [NL80211_ATTR_SAE_PWE] =
1006 NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
1007 NL80211_SAE_PWE_BOTH),
1008 [NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
1009 [NL80211_ATTR_SAR_SPEC] = NLA_POLICY_NESTED(sar_policy),
1010 [NL80211_ATTR_DISABLE_HE] = { .type = NLA_FLAG },
1011 [NL80211_ATTR_OBSS_COLOR_BITMAP] = { .type = NLA_U64 },
1012 [NL80211_ATTR_COLOR_CHANGE_COUNT] = { .type = NLA_U8 },
1013 [NL80211_ATTR_COLOR_CHANGE_COLOR] = { .type = NLA_U8 },
1014 [NL80211_ATTR_COLOR_CHANGE_ELEMS] = NLA_POLICY_NESTED(nl80211_policy),
1015 [NL80211_ATTR_MBSSID_CONFIG] =
1016 NLA_POLICY_NESTED(nl80211_mbssid_config_policy),
1017 [NL80211_ATTR_MBSSID_ELEMS] = { .type = NLA_NESTED },
1018 [NL80211_ATTR_RADAR_BACKGROUND] = { .type = NLA_FLAG },
1019 [NL80211_ATTR_AP_SETTINGS_FLAGS] = { .type = NLA_U32 },
1020 [NL80211_ATTR_EHT_CAPABILITY] =
1021 NLA_POLICY_RANGE(NLA_BINARY,
1022 NL80211_EHT_MIN_CAPABILITY_LEN,
1023 NL80211_EHT_MAX_CAPABILITY_LEN),
1024 [NL80211_ATTR_DISABLE_EHT] = { .type = NLA_FLAG },
1025 [NL80211_ATTR_MLO_LINKS] =
1026 NLA_POLICY_NESTED_ARRAY(nl80211_policy),
1027 [NL80211_ATTR_MLO_LINK_ID] =
1028 NLA_POLICY_RANGE(NLA_U8, 0, IEEE80211_MLD_MAX_NUM_LINKS - 1),
1029 [NL80211_ATTR_MLD_ADDR] = NLA_POLICY_EXACT_LEN(ETH_ALEN),
1030 [NL80211_ATTR_MLO_SUPPORT] = { .type = NLA_FLAG },
1031 [NL80211_ATTR_MAX_NUM_AKM_SUITES] = { .type = NLA_REJECT },
1032 [NL80211_ATTR_EML_CAPABILITY] = { .type = NLA_U16 },
1033 [NL80211_ATTR_PUNCT_BITMAP] =
1034 NLA_POLICY_FULL_RANGE(NLA_U32, &nl80211_punct_bitmap_range),
1035
1036 [NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS] = { .type = NLA_U16 },
1037 [NL80211_ATTR_HW_TIMESTAMP_ENABLED] = { .type = NLA_FLAG },
1038 [NL80211_ATTR_EMA_RNR_ELEMS] = { .type = NLA_NESTED },
1039 [NL80211_ATTR_MLO_LINK_DISABLED] = { .type = NLA_FLAG },
1040 [NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA] = { .type = NLA_FLAG },
1041 [NL80211_ATTR_MLO_TTLM_DLINK] = NLA_POLICY_EXACT_LEN(sizeof(u16) * 8),
1042 [NL80211_ATTR_MLO_TTLM_ULINK] = NLA_POLICY_EXACT_LEN(sizeof(u16) * 8),
1043 [NL80211_ATTR_ASSOC_SPP_AMSDU] = { .type = NLA_FLAG },
1044 [NL80211_ATTR_VIF_RADIO_MASK] = { .type = NLA_U32 },
1045 [NL80211_ATTR_SUPPORTED_SELECTORS] =
1046 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_supported_selectors,
1047 NL80211_MAX_SUPP_SELECTORS),
1048 [NL80211_ATTR_MLO_RECONF_REM_LINKS] = { .type = NLA_U16 },
1049 [NL80211_ATTR_EPCS] = { .type = NLA_FLAG },
1050 [NL80211_ATTR_ASSOC_MLD_EXT_CAPA_OPS] = { .type = NLA_U16 },
1051 [NL80211_ATTR_WIPHY_RADIO_INDEX] = { .type = NLA_U8 },
1052 [NL80211_ATTR_S1G_LONG_BEACON_PERIOD] = NLA_POLICY_MIN(NLA_U8, 2),
1053 [NL80211_ATTR_S1G_SHORT_BEACON] =
1054 NLA_POLICY_NESTED(nl80211_s1g_short_beacon),
1055 [NL80211_ATTR_BSS_PARAM] = { .type = NLA_FLAG },
1056 [NL80211_ATTR_S1G_PRIMARY_2MHZ] = { .type = NLA_FLAG },
1057 [NL80211_ATTR_EPP_PEER] = { .type = NLA_FLAG },
1058 [NL80211_ATTR_UHR_CAPABILITY] =
1059 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_uhr_capa, 255),
1060 [NL80211_ATTR_DISABLE_UHR] = { .type = NLA_FLAG },
1061 [NL80211_ATTR_UHR_OPERATION] =
1062 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_uhr_operation),
1063 [NL80211_ATTR_NAN_CHANNEL] = NLA_POLICY_NESTED(nl80211_policy),
1064 [NL80211_ATTR_NAN_CHANNEL_ENTRY] = NLA_POLICY_EXACT_LEN(6),
1065 [NL80211_ATTR_NAN_RX_NSS] = { .type = NLA_U8 },
1066 [NL80211_ATTR_NAN_TIME_SLOTS] =
1067 NLA_POLICY_EXACT_LEN(CFG80211_NAN_SCHED_NUM_TIME_SLOTS),
1068 [NL80211_ATTR_NAN_AVAIL_BLOB] =
1069 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_nan_avail_blob),
1070 [NL80211_ATTR_NAN_SCHED_DEFERRED] = { .type = NLA_FLAG },
1071 [NL80211_ATTR_NAN_NMI_MAC] = NLA_POLICY_ETH_ADDR,
1072 [NL80211_ATTR_NAN_ULW] =
1073 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_nan_ulw),
1074 [NL80211_ATTR_NAN_COMMITTED_DW] = { .type = NLA_U16 },
1075 [NL80211_ATTR_NAN_SEQ_ID] = { .type = NLA_U8 },
1076 [NL80211_ATTR_NAN_MAX_CHAN_SWITCH_TIME] = { .type = NLA_U16 },
1077 [NL80211_ATTR_NAN_PEER_MAPS] =
1078 NLA_POLICY_NESTED_ARRAY(nl80211_nan_peer_map_policy),
1079 };
1080
1081 /* policy for the key attributes */
1082 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
1083 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
1084 [NL80211_KEY_IDX] = { .type = NLA_U8 },
1085 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
1086 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
1087 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
1088 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
1089 [NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
1090 [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
1091 [NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
1092 };
1093
1094 /* policy for the key default flags */
1095 static const struct nla_policy
1096 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
1097 [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
1098 [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
1099 };
1100
1101 #ifdef CONFIG_PM
1102 /* policy for WoWLAN attributes */
1103 static const struct nla_policy
1104 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
1105 [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
1106 [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
1107 [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
1108 [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
1109 [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
1110 [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
1111 [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
1112 [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
1113 [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
1114 [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
1115 };
1116
1117 static const struct nla_policy
1118 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
1119 [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
1120 [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
1121 [NL80211_WOWLAN_TCP_DST_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
1122 [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
1123 [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
1124 [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
1125 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
1126 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
1127 },
1128 [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
1129 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
1130 },
1131 [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
1132 [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
1133 [NL80211_WOWLAN_TCP_WAKE_MASK] = NLA_POLICY_MIN_LEN(1),
1134 };
1135 #endif /* CONFIG_PM */
1136
1137 /* policy for coalesce rule attributes */
1138 static const struct nla_policy
1139 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
1140 [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
1141 [NL80211_ATTR_COALESCE_RULE_CONDITION] =
1142 NLA_POLICY_RANGE(NLA_U32,
1143 NL80211_COALESCE_CONDITION_MATCH,
1144 NL80211_COALESCE_CONDITION_NO_MATCH),
1145 [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
1146 };
1147
1148 /* policy for GTK rekey offload attributes */
1149 static const struct nla_policy
1150 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
1151 [NL80211_REKEY_DATA_KEK] = {
1152 .type = NLA_BINARY,
1153 .len = NL80211_KEK_EXT_LEN
1154 },
1155 [NL80211_REKEY_DATA_KCK] = {
1156 .type = NLA_BINARY,
1157 .len = NL80211_KCK_EXT_LEN_32
1158 },
1159 [NL80211_REKEY_DATA_REPLAY_CTR] = NLA_POLICY_EXACT_LEN(NL80211_REPLAY_CTR_LEN),
1160 [NL80211_REKEY_DATA_AKM] = { .type = NLA_U32 },
1161 };
1162
1163 static const struct nla_policy
1164 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
1165 [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
1166 .len = IEEE80211_MAX_SSID_LEN },
1167 [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
1168 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
1169 };
1170
1171 static const struct nla_policy
1172 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
1173 [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
1174 [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
1175 };
1176
1177 static const struct nla_policy
1178 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
1179 [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
1180 [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
1181 [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
1182 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
1183 },
1184 };
1185
1186 /* policy for NAN function attributes */
1187 static const struct nla_policy
1188 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
1189 [NL80211_NAN_FUNC_TYPE] =
1190 NLA_POLICY_MAX(NLA_U8, NL80211_NAN_FUNC_MAX_TYPE),
1191 [NL80211_NAN_FUNC_SERVICE_ID] = {
1192 .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
1193 [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
1194 [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
1195 [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
1196 [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
1197 [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
1198 [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
1199 [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
1200 [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
1201 [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
1202 .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
1203 [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
1204 [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
1205 [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
1206 [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
1207 [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
1208 };
1209
1210 /* policy for Service Response Filter attributes */
1211 static const struct nla_policy
1212 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
1213 [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
1214 [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
1215 .len = NL80211_NAN_FUNC_SRF_MAX_LEN },
1216 [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
1217 [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
1218 };
1219
1220 /* policy for packet pattern attributes */
1221 static const struct nla_policy
1222 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
1223 [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
1224 [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
1225 [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
1226 };
1227
nl80211_prepare_wdev_dump(struct netlink_callback * cb,struct cfg80211_registered_device ** rdev,struct wireless_dev ** wdev,struct nlattr ** attrbuf)1228 static int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
1229 struct cfg80211_registered_device **rdev,
1230 struct wireless_dev **wdev,
1231 struct nlattr **attrbuf)
1232 {
1233 int err;
1234
1235 if (!cb->args[0]) {
1236 struct nlattr **attrbuf_free = NULL;
1237
1238 if (!attrbuf) {
1239 attrbuf = kzalloc_objs(*attrbuf, NUM_NL80211_ATTR);
1240 if (!attrbuf)
1241 return -ENOMEM;
1242 attrbuf_free = attrbuf;
1243 }
1244
1245 err = nlmsg_parse_deprecated(cb->nlh,
1246 GENL_HDRLEN + nl80211_fam.hdrsize,
1247 attrbuf, nl80211_fam.maxattr,
1248 nl80211_policy, NULL);
1249 if (err) {
1250 kfree(attrbuf_free);
1251 return err;
1252 }
1253
1254 rtnl_lock();
1255 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(cb->skb->sk),
1256 attrbuf);
1257 kfree(attrbuf_free);
1258 if (IS_ERR(*wdev)) {
1259 rtnl_unlock();
1260 return PTR_ERR(*wdev);
1261 }
1262 *rdev = wiphy_to_rdev((*wdev)->wiphy);
1263 mutex_lock(&(*rdev)->wiphy.mtx);
1264 rtnl_unlock();
1265 /* 0 is the first index - add 1 to parse only once */
1266 cb->args[0] = (*rdev)->wiphy_idx + 1;
1267 cb->args[1] = (*wdev)->identifier;
1268 } else {
1269 /* subtract the 1 again here */
1270 struct wiphy *wiphy;
1271 struct wireless_dev *tmp;
1272
1273 rtnl_lock();
1274 wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
1275 if (!wiphy) {
1276 rtnl_unlock();
1277 return -ENODEV;
1278 }
1279
1280 /*
1281 * The first invocation validated the wdev's netns against
1282 * the caller via __cfg80211_wdev_from_attrs(). The wiphy
1283 * may have moved netns between dumpit invocations (via
1284 * NL80211_CMD_SET_WIPHY_NETNS), so re-check here.
1285 */
1286 if (!net_eq(wiphy_net(wiphy), sock_net(cb->skb->sk))) {
1287 rtnl_unlock();
1288 return -ENODEV;
1289 }
1290
1291 *rdev = wiphy_to_rdev(wiphy);
1292 *wdev = NULL;
1293
1294 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
1295 if (tmp->identifier == cb->args[1]) {
1296 *wdev = tmp;
1297 break;
1298 }
1299 }
1300
1301 if (!*wdev) {
1302 rtnl_unlock();
1303 return -ENODEV;
1304 }
1305 mutex_lock(&(*rdev)->wiphy.mtx);
1306 rtnl_unlock();
1307 }
1308
1309 return 0;
1310 }
1311
1312 /* message building helper */
nl80211hdr_put(struct sk_buff * skb,u32 portid,u32 seq,int flags,u8 cmd)1313 void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
1314 int flags, u8 cmd)
1315 {
1316 /* since there is no private header just add the generic one */
1317 return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
1318 }
1319
nl80211_msg_put_wmm_rules(struct sk_buff * msg,const struct ieee80211_reg_rule * rule)1320 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
1321 const struct ieee80211_reg_rule *rule)
1322 {
1323 int j;
1324 struct nlattr *nl_wmm_rules =
1325 nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
1326
1327 if (!nl_wmm_rules)
1328 goto nla_put_failure;
1329
1330 for (j = 0; j < IEEE80211_NUM_ACS; j++) {
1331 struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
1332
1333 if (!nl_wmm_rule)
1334 goto nla_put_failure;
1335
1336 if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
1337 rule->wmm_rule.client[j].cw_min) ||
1338 nla_put_u16(msg, NL80211_WMMR_CW_MAX,
1339 rule->wmm_rule.client[j].cw_max) ||
1340 nla_put_u8(msg, NL80211_WMMR_AIFSN,
1341 rule->wmm_rule.client[j].aifsn) ||
1342 nla_put_u16(msg, NL80211_WMMR_TXOP,
1343 rule->wmm_rule.client[j].cot))
1344 goto nla_put_failure;
1345
1346 nla_nest_end(msg, nl_wmm_rule);
1347 }
1348 nla_nest_end(msg, nl_wmm_rules);
1349
1350 return 0;
1351
1352 nla_put_failure:
1353 return -ENOBUFS;
1354 }
1355
nl80211_msg_put_channel(struct sk_buff * msg,struct wiphy * wiphy,struct ieee80211_channel * chan,bool large)1356 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
1357 struct ieee80211_channel *chan,
1358 bool large)
1359 {
1360 /* Some channels must be completely excluded from the
1361 * list to protect old user-space tools from breaking
1362 */
1363 if (!large && chan->flags &
1364 (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
1365 return 0;
1366 if (!large && chan->freq_offset)
1367 return 0;
1368
1369 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
1370 chan->center_freq))
1371 goto nla_put_failure;
1372
1373 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_OFFSET, chan->freq_offset))
1374 goto nla_put_failure;
1375
1376 if ((chan->flags & IEEE80211_CHAN_PSD) &&
1377 nla_put_s8(msg, NL80211_FREQUENCY_ATTR_PSD, chan->psd))
1378 goto nla_put_failure;
1379
1380 if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
1381 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
1382 goto nla_put_failure;
1383 if (chan->flags & IEEE80211_CHAN_NO_IR) {
1384 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
1385 goto nla_put_failure;
1386 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
1387 goto nla_put_failure;
1388 }
1389 if (chan->flags & IEEE80211_CHAN_RADAR) {
1390 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
1391 goto nla_put_failure;
1392 if (large) {
1393 u32 time;
1394
1395 time = elapsed_jiffies_msecs(chan->dfs_state_entered);
1396
1397 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
1398 chan->dfs_state))
1399 goto nla_put_failure;
1400 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
1401 time))
1402 goto nla_put_failure;
1403 if (nla_put_u32(msg,
1404 NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
1405 chan->dfs_cac_ms))
1406 goto nla_put_failure;
1407 }
1408 }
1409
1410 if (large) {
1411 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
1412 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
1413 goto nla_put_failure;
1414 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
1415 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
1416 goto nla_put_failure;
1417 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
1418 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
1419 goto nla_put_failure;
1420 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
1421 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
1422 goto nla_put_failure;
1423 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
1424 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
1425 goto nla_put_failure;
1426 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
1427 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
1428 goto nla_put_failure;
1429 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
1430 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
1431 goto nla_put_failure;
1432 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
1433 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
1434 goto nla_put_failure;
1435 if ((chan->flags & IEEE80211_CHAN_NO_HE) &&
1436 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HE))
1437 goto nla_put_failure;
1438 if ((chan->flags & IEEE80211_CHAN_NO_320MHZ) &&
1439 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_320MHZ))
1440 goto nla_put_failure;
1441 if ((chan->flags & IEEE80211_CHAN_NO_EHT) &&
1442 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_EHT))
1443 goto nla_put_failure;
1444 if ((chan->flags & IEEE80211_CHAN_DFS_CONCURRENT) &&
1445 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DFS_CONCURRENT))
1446 goto nla_put_failure;
1447 if ((chan->flags & IEEE80211_CHAN_NO_6GHZ_VLP_CLIENT) &&
1448 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_6GHZ_VLP_CLIENT))
1449 goto nla_put_failure;
1450 if ((chan->flags & IEEE80211_CHAN_NO_6GHZ_AFC_CLIENT) &&
1451 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_6GHZ_AFC_CLIENT))
1452 goto nla_put_failure;
1453 if ((chan->flags & IEEE80211_CHAN_CAN_MONITOR) &&
1454 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_CAN_MONITOR))
1455 goto nla_put_failure;
1456 if ((chan->flags & IEEE80211_CHAN_ALLOW_6GHZ_VLP_AP) &&
1457 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_ALLOW_6GHZ_VLP_AP))
1458 goto nla_put_failure;
1459 if ((chan->flags & IEEE80211_CHAN_ALLOW_20MHZ_ACTIVITY) &&
1460 nla_put_flag(msg,
1461 NL80211_FREQUENCY_ATTR_ALLOW_20MHZ_ACTIVITY))
1462 goto nla_put_failure;
1463 if ((chan->flags & IEEE80211_CHAN_NO_4MHZ) &&
1464 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_4MHZ))
1465 goto nla_put_failure;
1466 if ((chan->flags & IEEE80211_CHAN_NO_8MHZ) &&
1467 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_8MHZ))
1468 goto nla_put_failure;
1469 if ((chan->flags & IEEE80211_CHAN_NO_16MHZ) &&
1470 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_16MHZ))
1471 goto nla_put_failure;
1472 if ((chan->flags & IEEE80211_CHAN_S1G_NO_PRIMARY) &&
1473 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_S1G_NO_PRIMARY))
1474 goto nla_put_failure;
1475 if ((chan->flags & IEEE80211_CHAN_NO_UHR) &&
1476 nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_UHR))
1477 goto nla_put_failure;
1478 if (chan->cac_start_time &&
1479 nla_put_u64_64bit(msg,
1480 NL80211_FREQUENCY_ATTR_CAC_START_TIME,
1481 chan->cac_start_time,
1482 NL80211_FREQUENCY_ATTR_PAD))
1483 goto nla_put_failure;
1484 }
1485
1486 if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
1487 DBM_TO_MBM(chan->max_power)))
1488 goto nla_put_failure;
1489
1490 if (large) {
1491 const struct ieee80211_reg_rule *rule =
1492 freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
1493
1494 if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
1495 if (nl80211_msg_put_wmm_rules(msg, rule))
1496 goto nla_put_failure;
1497 }
1498 }
1499
1500 return 0;
1501
1502 nla_put_failure:
1503 return -ENOBUFS;
1504 }
1505
nl80211_put_txq_stats(struct sk_buff * msg,struct cfg80211_txq_stats * txqstats,int attrtype)1506 static bool nl80211_put_txq_stats(struct sk_buff *msg,
1507 struct cfg80211_txq_stats *txqstats,
1508 int attrtype)
1509 {
1510 struct nlattr *txqattr;
1511
1512 #define PUT_TXQVAL_U32(attr, memb) do { \
1513 if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) && \
1514 nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
1515 return false; \
1516 } while (0)
1517
1518 txqattr = nla_nest_start_noflag(msg, attrtype);
1519 if (!txqattr)
1520 return false;
1521
1522 PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
1523 PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
1524 PUT_TXQVAL_U32(FLOWS, flows);
1525 PUT_TXQVAL_U32(DROPS, drops);
1526 PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
1527 PUT_TXQVAL_U32(OVERLIMIT, overlimit);
1528 PUT_TXQVAL_U32(OVERMEMORY, overmemory);
1529 PUT_TXQVAL_U32(COLLISIONS, collisions);
1530 PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
1531 PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
1532 PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
1533 nla_nest_end(msg, txqattr);
1534
1535 #undef PUT_TXQVAL_U32
1536 return true;
1537 }
1538
1539 /* netlink command implementations */
1540
1541 /**
1542 * nl80211_link_id - return link ID
1543 * @attrs: attributes to look at
1544 *
1545 * Returns: the link ID or 0 if not given
1546 *
1547 * Note this function doesn't do any validation of the link
1548 * ID validity wrt. links that were actually added, so it must
1549 * be called only from ops with %NL80211_FLAG_MLO_VALID_LINK_ID
1550 * or if additional validation is done.
1551 */
nl80211_link_id(struct nlattr ** attrs)1552 static unsigned int nl80211_link_id(struct nlattr **attrs)
1553 {
1554 struct nlattr *linkid = attrs[NL80211_ATTR_MLO_LINK_ID];
1555
1556 return nla_get_u8_default(linkid, 0);
1557 }
1558
nl80211_link_id_or_invalid(struct nlattr ** attrs)1559 static int nl80211_link_id_or_invalid(struct nlattr **attrs)
1560 {
1561 struct nlattr *linkid = attrs[NL80211_ATTR_MLO_LINK_ID];
1562
1563 if (!linkid)
1564 return -1;
1565
1566 return nla_get_u8(linkid);
1567 }
1568
1569 struct key_parse {
1570 struct key_params p;
1571 int idx;
1572 int type;
1573 bool def, defmgmt, defbeacon;
1574 bool def_uni, def_multi;
1575 };
1576
nl80211_parse_key_new(struct genl_info * info,struct nlattr * key,struct key_parse * k)1577 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
1578 struct key_parse *k)
1579 {
1580 struct nlattr *tb[NL80211_KEY_MAX + 1];
1581 int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
1582 nl80211_key_policy,
1583 info->extack);
1584 if (err)
1585 return err;
1586
1587 k->def = !!tb[NL80211_KEY_DEFAULT];
1588 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
1589 k->defbeacon = !!tb[NL80211_KEY_DEFAULT_BEACON];
1590
1591 if (k->def) {
1592 k->def_uni = true;
1593 k->def_multi = true;
1594 }
1595 if (k->defmgmt || k->defbeacon)
1596 k->def_multi = true;
1597
1598 if (tb[NL80211_KEY_IDX])
1599 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
1600
1601 if (tb[NL80211_KEY_DATA]) {
1602 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
1603 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
1604 }
1605
1606 if (tb[NL80211_KEY_SEQ]) {
1607 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
1608 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
1609 }
1610
1611 if (tb[NL80211_KEY_CIPHER])
1612 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1613
1614 if (tb[NL80211_KEY_TYPE])
1615 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1616
1617 if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1618 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1619
1620 err = nla_parse_nested_deprecated(kdt,
1621 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1622 tb[NL80211_KEY_DEFAULT_TYPES],
1623 nl80211_key_default_policy,
1624 info->extack);
1625 if (err)
1626 return err;
1627
1628 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1629 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1630 }
1631
1632 if (tb[NL80211_KEY_MODE])
1633 k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1634
1635 return 0;
1636 }
1637
nl80211_parse_key_old(struct genl_info * info,struct key_parse * k)1638 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1639 {
1640 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1641 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1642 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1643 }
1644
1645 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1646 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1647 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1648 }
1649
1650 if (info->attrs[NL80211_ATTR_KEY_IDX])
1651 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1652
1653 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1654 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1655
1656 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1657 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1658
1659 if (k->def) {
1660 k->def_uni = true;
1661 k->def_multi = true;
1662 }
1663 if (k->defmgmt)
1664 k->def_multi = true;
1665
1666 if (info->attrs[NL80211_ATTR_KEY_TYPE])
1667 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1668
1669 if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1670 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1671 int err = nla_parse_nested_deprecated(kdt,
1672 NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1673 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1674 nl80211_key_default_policy,
1675 info->extack);
1676 if (err)
1677 return err;
1678
1679 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1680 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1681 }
1682
1683 return 0;
1684 }
1685
nl80211_parse_key(struct genl_info * info,struct key_parse * k)1686 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1687 {
1688 int err;
1689
1690 memset(k, 0, sizeof(*k));
1691 k->idx = -1;
1692 k->type = -1;
1693
1694 if (info->attrs[NL80211_ATTR_KEY])
1695 err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1696 else
1697 err = nl80211_parse_key_old(info, k);
1698
1699 if (err)
1700 return err;
1701
1702 if ((k->def ? 1 : 0) + (k->defmgmt ? 1 : 0) +
1703 (k->defbeacon ? 1 : 0) > 1) {
1704 GENL_SET_ERR_MSG(info,
1705 "key with multiple default flags is invalid");
1706 return -EINVAL;
1707 }
1708
1709 if (k->defmgmt || k->defbeacon) {
1710 if (k->def_uni || !k->def_multi) {
1711 GENL_SET_ERR_MSG(info,
1712 "defmgmt/defbeacon key must be mcast");
1713 return -EINVAL;
1714 }
1715 }
1716
1717 if (k->idx != -1) {
1718 if (k->defmgmt) {
1719 if (k->idx < 4 || k->idx > 5) {
1720 GENL_SET_ERR_MSG(info,
1721 "defmgmt key idx not 4 or 5");
1722 return -EINVAL;
1723 }
1724 } else if (k->defbeacon) {
1725 if (k->idx < 6 || k->idx > 7) {
1726 GENL_SET_ERR_MSG(info,
1727 "defbeacon key idx not 6 or 7");
1728 return -EINVAL;
1729 }
1730 } else if (k->def) {
1731 if (k->idx < 0 || k->idx > 3) {
1732 GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1733 return -EINVAL;
1734 }
1735 } else {
1736 if (k->idx < 0 || k->idx > 7) {
1737 GENL_SET_ERR_MSG(info, "key idx not 0-7");
1738 return -EINVAL;
1739 }
1740 }
1741 }
1742
1743 return 0;
1744 }
1745
1746 static struct cfg80211_cached_keys *
nl80211_parse_connkeys(struct cfg80211_registered_device * rdev,struct genl_info * info,bool * no_ht)1747 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1748 struct genl_info *info, bool *no_ht)
1749 {
1750 struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1751 struct key_parse parse;
1752 struct nlattr *key;
1753 struct cfg80211_cached_keys *result;
1754 int rem, err, def = 0;
1755 bool have_key = false;
1756
1757 nla_for_each_nested(key, keys, rem) {
1758 have_key = true;
1759 break;
1760 }
1761
1762 if (!have_key)
1763 return NULL;
1764
1765 result = kzalloc_obj(*result);
1766 if (!result)
1767 return ERR_PTR(-ENOMEM);
1768
1769 result->def = -1;
1770
1771 nla_for_each_nested(key, keys, rem) {
1772 memset(&parse, 0, sizeof(parse));
1773 parse.idx = -1;
1774
1775 err = nl80211_parse_key_new(info, key, &parse);
1776 if (err)
1777 goto error;
1778 err = -EINVAL;
1779 if (!parse.p.key)
1780 goto error;
1781 if (parse.idx < 0 || parse.idx > 3) {
1782 GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1783 goto error;
1784 }
1785 if (parse.def) {
1786 if (def) {
1787 GENL_SET_ERR_MSG(info,
1788 "only one key can be default");
1789 goto error;
1790 }
1791 def = 1;
1792 result->def = parse.idx;
1793 if (!parse.def_uni || !parse.def_multi)
1794 goto error;
1795 } else if (parse.defmgmt)
1796 goto error;
1797 err = cfg80211_validate_key_settings(rdev, &parse.p,
1798 parse.idx, false, NULL);
1799 if (err)
1800 goto error;
1801 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1802 parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1803 GENL_SET_ERR_MSG(info, "connect key must be WEP");
1804 err = -EINVAL;
1805 goto error;
1806 }
1807 result->params[parse.idx].cipher = parse.p.cipher;
1808 result->params[parse.idx].key_len = parse.p.key_len;
1809 result->params[parse.idx].key = result->data[parse.idx];
1810 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1811
1812 /* must be WEP key if we got here */
1813 if (no_ht)
1814 *no_ht = true;
1815 }
1816
1817 if (result->def < 0) {
1818 err = -EINVAL;
1819 GENL_SET_ERR_MSG(info, "need a default/TX key");
1820 goto error;
1821 }
1822
1823 return result;
1824 error:
1825 kfree_sensitive(result);
1826 return ERR_PTR(err);
1827 }
1828
nl80211_key_allowed(struct wireless_dev * wdev)1829 static int nl80211_key_allowed(struct wireless_dev *wdev)
1830 {
1831 lockdep_assert_wiphy(wdev->wiphy);
1832
1833 switch (wdev->iftype) {
1834 case NL80211_IFTYPE_AP:
1835 case NL80211_IFTYPE_AP_VLAN:
1836 case NL80211_IFTYPE_P2P_GO:
1837 case NL80211_IFTYPE_MESH_POINT:
1838 break;
1839 case NL80211_IFTYPE_ADHOC:
1840 if (wdev->u.ibss.current_bss)
1841 return 0;
1842 return -ENOLINK;
1843 case NL80211_IFTYPE_STATION:
1844 case NL80211_IFTYPE_P2P_CLIENT:
1845 if (wdev->connected ||
1846 (wiphy_ext_feature_isset(wdev->wiphy,
1847 NL80211_EXT_FEATURE_ASSOC_FRAME_ENCRYPTION)))
1848 return 0;
1849 return -ENOLINK;
1850 case NL80211_IFTYPE_NAN:
1851 case NL80211_IFTYPE_NAN_DATA:
1852 if (wiphy_ext_feature_isset(wdev->wiphy,
1853 NL80211_EXT_FEATURE_SECURE_NAN))
1854 return 0;
1855 return -EINVAL;
1856 case NL80211_IFTYPE_UNSPECIFIED:
1857 case NL80211_IFTYPE_OCB:
1858 case NL80211_IFTYPE_MONITOR:
1859 case NL80211_IFTYPE_P2P_DEVICE:
1860 case NL80211_IFTYPE_WDS:
1861 case NUM_NL80211_IFTYPES:
1862 return -EINVAL;
1863 }
1864
1865 return 0;
1866 }
1867
nl80211_get_valid_chan(struct wiphy * wiphy,u32 freq)1868 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1869 u32 freq)
1870 {
1871 struct ieee80211_channel *chan;
1872
1873 chan = ieee80211_get_channel_khz(wiphy, freq);
1874 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1875 return NULL;
1876 return chan;
1877 }
1878
nl80211_put_iftypes(struct sk_buff * msg,u32 attr,u16 ifmodes)1879 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1880 {
1881 struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1882 int i;
1883
1884 if (!nl_modes)
1885 goto nla_put_failure;
1886
1887 i = 0;
1888 while (ifmodes) {
1889 if ((ifmodes & 1) && nla_put_flag(msg, i))
1890 goto nla_put_failure;
1891 ifmodes >>= 1;
1892 i++;
1893 }
1894
1895 nla_nest_end(msg, nl_modes);
1896 return 0;
1897
1898 nla_put_failure:
1899 return -ENOBUFS;
1900 }
1901
nl80211_put_ifcomb_data(struct sk_buff * msg,bool large,int idx,const struct ieee80211_iface_combination * c,u16 nested)1902 static int nl80211_put_ifcomb_data(struct sk_buff *msg, bool large, int idx,
1903 const struct ieee80211_iface_combination *c,
1904 u16 nested)
1905 {
1906 struct nlattr *nl_combi, *nl_limits;
1907 int i;
1908
1909 nl_combi = nla_nest_start_noflag(msg, idx | nested);
1910 if (!nl_combi)
1911 goto nla_put_failure;
1912
1913 nl_limits = nla_nest_start_noflag(msg, NL80211_IFACE_COMB_LIMITS |
1914 nested);
1915 if (!nl_limits)
1916 goto nla_put_failure;
1917
1918 for (i = 0; i < c->n_limits; i++) {
1919 struct nlattr *nl_limit;
1920
1921 nl_limit = nla_nest_start_noflag(msg, i + 1);
1922 if (!nl_limit)
1923 goto nla_put_failure;
1924 if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX, c->limits[i].max))
1925 goto nla_put_failure;
1926 if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1927 c->limits[i].types))
1928 goto nla_put_failure;
1929 nla_nest_end(msg, nl_limit);
1930 }
1931
1932 nla_nest_end(msg, nl_limits);
1933
1934 if (c->beacon_int_infra_match &&
1935 nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1936 goto nla_put_failure;
1937 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1938 c->num_different_channels) ||
1939 nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1940 c->max_interfaces))
1941 goto nla_put_failure;
1942 if (large &&
1943 (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1944 c->radar_detect_widths) ||
1945 nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1946 c->radar_detect_regions)))
1947 goto nla_put_failure;
1948 if (c->beacon_int_min_gcd &&
1949 nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1950 c->beacon_int_min_gcd))
1951 goto nla_put_failure;
1952
1953 nla_nest_end(msg, nl_combi);
1954
1955 return 0;
1956 nla_put_failure:
1957 return -ENOBUFS;
1958 }
1959
nl80211_put_iface_combinations(struct wiphy * wiphy,struct sk_buff * msg,int attr,int radio,bool large,u16 nested)1960 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1961 struct sk_buff *msg,
1962 int attr, int radio,
1963 bool large, u16 nested)
1964 {
1965 const struct ieee80211_iface_combination *c;
1966 struct nlattr *nl_combis;
1967 int i, n;
1968
1969 nl_combis = nla_nest_start_noflag(msg, attr | nested);
1970 if (!nl_combis)
1971 goto nla_put_failure;
1972
1973 if (radio >= 0) {
1974 c = wiphy->radio[0].iface_combinations;
1975 n = wiphy->radio[0].n_iface_combinations;
1976 } else {
1977 c = wiphy->iface_combinations;
1978 n = wiphy->n_iface_combinations;
1979 }
1980 for (i = 0; i < n; i++)
1981 if (nl80211_put_ifcomb_data(msg, large, i + 1, &c[i], nested))
1982 goto nla_put_failure;
1983
1984 nla_nest_end(msg, nl_combis);
1985
1986 return 0;
1987 nla_put_failure:
1988 return -ENOBUFS;
1989 }
1990
1991 #ifdef CONFIG_PM
nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device * rdev,struct sk_buff * msg)1992 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1993 struct sk_buff *msg)
1994 {
1995 const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1996 struct nlattr *nl_tcp;
1997
1998 if (!tcp)
1999 return 0;
2000
2001 nl_tcp = nla_nest_start_noflag(msg,
2002 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
2003 if (!nl_tcp)
2004 return -ENOBUFS;
2005
2006 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
2007 tcp->data_payload_max))
2008 return -ENOBUFS;
2009
2010 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
2011 tcp->data_payload_max))
2012 return -ENOBUFS;
2013
2014 if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
2015 return -ENOBUFS;
2016
2017 if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
2018 sizeof(*tcp->tok), tcp->tok))
2019 return -ENOBUFS;
2020
2021 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
2022 tcp->data_interval_max))
2023 return -ENOBUFS;
2024
2025 if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
2026 tcp->wake_payload_max))
2027 return -ENOBUFS;
2028
2029 nla_nest_end(msg, nl_tcp);
2030 return 0;
2031 }
2032
nl80211_send_wowlan(struct sk_buff * msg,struct cfg80211_registered_device * rdev,bool large)2033 static int nl80211_send_wowlan(struct sk_buff *msg,
2034 struct cfg80211_registered_device *rdev,
2035 bool large)
2036 {
2037 struct nlattr *nl_wowlan;
2038
2039 if (!rdev->wiphy.wowlan)
2040 return 0;
2041
2042 nl_wowlan = nla_nest_start_noflag(msg,
2043 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
2044 if (!nl_wowlan)
2045 return -ENOBUFS;
2046
2047 if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
2048 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
2049 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
2050 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
2051 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
2052 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
2053 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
2054 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
2055 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
2056 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
2057 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
2058 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
2059 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
2060 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
2061 ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
2062 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
2063 return -ENOBUFS;
2064
2065 if (rdev->wiphy.wowlan->n_patterns) {
2066 struct nl80211_pattern_support pat = {
2067 .max_patterns = rdev->wiphy.wowlan->n_patterns,
2068 .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
2069 .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
2070 .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
2071 };
2072
2073 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
2074 sizeof(pat), &pat))
2075 return -ENOBUFS;
2076 }
2077
2078 if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
2079 nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
2080 rdev->wiphy.wowlan->max_nd_match_sets))
2081 return -ENOBUFS;
2082
2083 if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
2084 return -ENOBUFS;
2085
2086 nla_nest_end(msg, nl_wowlan);
2087
2088 return 0;
2089 }
2090 #endif
2091
nl80211_send_coalesce(struct sk_buff * msg,struct cfg80211_registered_device * rdev)2092 static int nl80211_send_coalesce(struct sk_buff *msg,
2093 struct cfg80211_registered_device *rdev)
2094 {
2095 struct nl80211_coalesce_rule_support rule;
2096
2097 if (!rdev->wiphy.coalesce)
2098 return 0;
2099
2100 rule.max_rules = rdev->wiphy.coalesce->n_rules;
2101 rule.max_delay = rdev->wiphy.coalesce->max_delay;
2102 rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
2103 rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
2104 rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
2105 rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
2106
2107 if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
2108 return -ENOBUFS;
2109
2110 return 0;
2111 }
2112
2113 static int
nl80211_send_iftype_data(struct sk_buff * msg,const struct ieee80211_supported_band * sband,const struct ieee80211_sband_iftype_data * iftdata)2114 nl80211_send_iftype_data(struct sk_buff *msg,
2115 const struct ieee80211_supported_band *sband,
2116 const struct ieee80211_sband_iftype_data *iftdata)
2117 {
2118 const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
2119 const struct ieee80211_sta_eht_cap *eht_cap = &iftdata->eht_cap;
2120 const struct ieee80211_sta_uhr_cap *uhr_cap = &iftdata->uhr_cap;
2121
2122 if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
2123 iftdata->types_mask))
2124 return -ENOBUFS;
2125
2126 if (he_cap->has_he) {
2127 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
2128 sizeof(he_cap->he_cap_elem.mac_cap_info),
2129 he_cap->he_cap_elem.mac_cap_info) ||
2130 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
2131 sizeof(he_cap->he_cap_elem.phy_cap_info),
2132 he_cap->he_cap_elem.phy_cap_info) ||
2133 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
2134 sizeof(he_cap->he_mcs_nss_supp),
2135 &he_cap->he_mcs_nss_supp) ||
2136 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
2137 sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
2138 return -ENOBUFS;
2139 }
2140
2141 if (eht_cap->has_eht && he_cap->has_he) {
2142 u8 mcs_nss_size, ppe_thresh_size;
2143 u16 ppe_thres_hdr;
2144 bool is_ap;
2145
2146 is_ap = iftdata->types_mask & BIT(NL80211_IFTYPE_AP) ||
2147 iftdata->types_mask & BIT(NL80211_IFTYPE_P2P_GO);
2148
2149 mcs_nss_size =
2150 ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem,
2151 &eht_cap->eht_cap_elem,
2152 is_ap);
2153
2154 ppe_thres_hdr = get_unaligned_le16(&eht_cap->eht_ppe_thres[0]);
2155 ppe_thresh_size =
2156 ieee80211_eht_ppe_size(ppe_thres_hdr,
2157 eht_cap->eht_cap_elem.phy_cap_info);
2158
2159 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MAC,
2160 sizeof(eht_cap->eht_cap_elem.mac_cap_info),
2161 eht_cap->eht_cap_elem.mac_cap_info) ||
2162 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PHY,
2163 sizeof(eht_cap->eht_cap_elem.phy_cap_info),
2164 eht_cap->eht_cap_elem.phy_cap_info) ||
2165 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MCS_SET,
2166 mcs_nss_size, &eht_cap->eht_mcs_nss_supp) ||
2167 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PPE,
2168 ppe_thresh_size, eht_cap->eht_ppe_thres))
2169 return -ENOBUFS;
2170 }
2171
2172 if (uhr_cap->has_uhr) {
2173 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_UHR_CAP_MAC,
2174 sizeof(uhr_cap->mac), &uhr_cap->mac) ||
2175 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_UHR_CAP_PHY,
2176 sizeof(uhr_cap->phy), &uhr_cap->phy))
2177 return -ENOBUFS;
2178 }
2179
2180 if (sband->band == NL80211_BAND_6GHZ &&
2181 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA,
2182 sizeof(iftdata->he_6ghz_capa),
2183 &iftdata->he_6ghz_capa))
2184 return -ENOBUFS;
2185
2186 if (iftdata->vendor_elems.data && iftdata->vendor_elems.len &&
2187 nla_put(msg, NL80211_BAND_IFTYPE_ATTR_VENDOR_ELEMS,
2188 iftdata->vendor_elems.len, iftdata->vendor_elems.data))
2189 return -ENOBUFS;
2190
2191 return 0;
2192 }
2193
nl80211_send_band_rateinfo(struct sk_buff * msg,struct ieee80211_supported_band * sband,bool large)2194 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
2195 struct ieee80211_supported_band *sband,
2196 bool large)
2197 {
2198 struct nlattr *nl_rates, *nl_rate;
2199 struct ieee80211_rate *rate;
2200 int i;
2201
2202 /* add HT info */
2203 if (sband->ht_cap.ht_supported &&
2204 (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
2205 sizeof(sband->ht_cap.mcs),
2206 &sband->ht_cap.mcs) ||
2207 nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
2208 sband->ht_cap.cap) ||
2209 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
2210 sband->ht_cap.ampdu_factor) ||
2211 nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
2212 sband->ht_cap.ampdu_density)))
2213 return -ENOBUFS;
2214
2215 /* add VHT info */
2216 if (sband->vht_cap.vht_supported &&
2217 (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
2218 sizeof(sband->vht_cap.vht_mcs),
2219 &sband->vht_cap.vht_mcs) ||
2220 nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
2221 sband->vht_cap.cap)))
2222 return -ENOBUFS;
2223
2224 if (large && sband->n_iftype_data) {
2225 struct nlattr *nl_iftype_data =
2226 nla_nest_start_noflag(msg,
2227 NL80211_BAND_ATTR_IFTYPE_DATA);
2228 const struct ieee80211_sband_iftype_data *iftd;
2229 int err;
2230
2231 if (!nl_iftype_data)
2232 return -ENOBUFS;
2233
2234 for_each_sband_iftype_data(sband, i, iftd) {
2235 struct nlattr *iftdata;
2236
2237 iftdata = nla_nest_start_noflag(msg, i + 1);
2238 if (!iftdata)
2239 return -ENOBUFS;
2240
2241 err = nl80211_send_iftype_data(msg, sband, iftd);
2242 if (err)
2243 return err;
2244
2245 nla_nest_end(msg, iftdata);
2246 }
2247
2248 nla_nest_end(msg, nl_iftype_data);
2249 }
2250
2251 /* add EDMG info */
2252 if (large && sband->edmg_cap.channels &&
2253 (nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS,
2254 sband->edmg_cap.channels) ||
2255 nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG,
2256 sband->edmg_cap.bw_config)))
2257
2258 return -ENOBUFS;
2259
2260 /* add bitrates */
2261 nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
2262 if (!nl_rates)
2263 return -ENOBUFS;
2264
2265 for (i = 0; i < sband->n_bitrates; i++) {
2266 nl_rate = nla_nest_start_noflag(msg, i);
2267 if (!nl_rate)
2268 return -ENOBUFS;
2269
2270 rate = &sband->bitrates[i];
2271 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
2272 rate->bitrate))
2273 return -ENOBUFS;
2274 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
2275 nla_put_flag(msg,
2276 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
2277 return -ENOBUFS;
2278
2279 nla_nest_end(msg, nl_rate);
2280 }
2281
2282 nla_nest_end(msg, nl_rates);
2283
2284 /* S1G capabilities */
2285 if (sband->band == NL80211_BAND_S1GHZ && sband->s1g_cap.s1g &&
2286 (nla_put(msg, NL80211_BAND_ATTR_S1G_CAPA,
2287 sizeof(sband->s1g_cap.cap),
2288 sband->s1g_cap.cap) ||
2289 nla_put(msg, NL80211_BAND_ATTR_S1G_MCS_NSS_SET,
2290 sizeof(sband->s1g_cap.nss_mcs),
2291 sband->s1g_cap.nss_mcs)))
2292 return -ENOBUFS;
2293
2294 return 0;
2295 }
2296
2297 static int
nl80211_send_mgmt_stypes(struct sk_buff * msg,const struct ieee80211_txrx_stypes * mgmt_stypes)2298 nl80211_send_mgmt_stypes(struct sk_buff *msg,
2299 const struct ieee80211_txrx_stypes *mgmt_stypes)
2300 {
2301 u16 stypes;
2302 struct nlattr *nl_ftypes, *nl_ifs;
2303 enum nl80211_iftype ift;
2304 int i;
2305
2306 if (!mgmt_stypes)
2307 return 0;
2308
2309 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
2310 if (!nl_ifs)
2311 return -ENOBUFS;
2312
2313 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
2314 nl_ftypes = nla_nest_start_noflag(msg, ift);
2315 if (!nl_ftypes)
2316 return -ENOBUFS;
2317 i = 0;
2318 stypes = mgmt_stypes[ift].tx;
2319 while (stypes) {
2320 if ((stypes & 1) &&
2321 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
2322 (i << 4) | IEEE80211_FTYPE_MGMT))
2323 return -ENOBUFS;
2324 stypes >>= 1;
2325 i++;
2326 }
2327 nla_nest_end(msg, nl_ftypes);
2328 }
2329
2330 nla_nest_end(msg, nl_ifs);
2331
2332 nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
2333 if (!nl_ifs)
2334 return -ENOBUFS;
2335
2336 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
2337 nl_ftypes = nla_nest_start_noflag(msg, ift);
2338 if (!nl_ftypes)
2339 return -ENOBUFS;
2340 i = 0;
2341 stypes = mgmt_stypes[ift].rx;
2342 while (stypes) {
2343 if ((stypes & 1) &&
2344 nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
2345 (i << 4) | IEEE80211_FTYPE_MGMT))
2346 return -ENOBUFS;
2347 stypes >>= 1;
2348 i++;
2349 }
2350 nla_nest_end(msg, nl_ftypes);
2351 }
2352 nla_nest_end(msg, nl_ifs);
2353
2354 return 0;
2355 }
2356
2357 #define CMD(op, n) \
2358 do { \
2359 if (rdev->ops->op) { \
2360 i++; \
2361 if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
2362 goto nla_put_failure; \
2363 } \
2364 } while (0)
2365
nl80211_add_commands_unsplit(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2366 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
2367 struct sk_buff *msg)
2368 {
2369 int i = 0;
2370
2371 /*
2372 * do *NOT* add anything into this function, new things need to be
2373 * advertised only to new versions of userspace that can deal with
2374 * the split (and they can't possibly care about new features...
2375 */
2376 CMD(add_virtual_intf, NEW_INTERFACE);
2377 CMD(change_virtual_intf, SET_INTERFACE);
2378 CMD(add_key, NEW_KEY);
2379 CMD(start_ap, START_AP);
2380 CMD(add_station, NEW_STATION);
2381 CMD(add_mpath, NEW_MPATH);
2382 CMD(update_mesh_config, SET_MESH_CONFIG);
2383 CMD(change_bss, SET_BSS);
2384 CMD(auth, AUTHENTICATE);
2385 CMD(assoc, ASSOCIATE);
2386 CMD(deauth, DEAUTHENTICATE);
2387 CMD(disassoc, DISASSOCIATE);
2388 CMD(join_ibss, JOIN_IBSS);
2389 CMD(join_mesh, JOIN_MESH);
2390 CMD(set_pmksa, SET_PMKSA);
2391 CMD(del_pmksa, DEL_PMKSA);
2392 CMD(flush_pmksa, FLUSH_PMKSA);
2393 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
2394 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
2395 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
2396 CMD(mgmt_tx, FRAME);
2397 CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
2398 if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
2399 i++;
2400 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
2401 goto nla_put_failure;
2402 }
2403 if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
2404 rdev->ops->join_mesh) {
2405 i++;
2406 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
2407 goto nla_put_failure;
2408 }
2409 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
2410 CMD(tdls_mgmt, TDLS_MGMT);
2411 CMD(tdls_oper, TDLS_OPER);
2412 }
2413 if (rdev->wiphy.max_sched_scan_reqs)
2414 CMD(sched_scan_start, START_SCHED_SCAN);
2415 CMD(probe_client, PROBE_CLIENT);
2416 CMD(set_noack_map, SET_NOACK_MAP);
2417 if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
2418 i++;
2419 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
2420 goto nla_put_failure;
2421 }
2422 CMD(start_p2p_device, START_P2P_DEVICE);
2423 CMD(set_mcast_rate, SET_MCAST_RATE);
2424 #ifdef CONFIG_NL80211_TESTMODE
2425 CMD(testmode_cmd, TESTMODE);
2426 #endif
2427
2428 if (rdev->ops->connect || rdev->ops->auth) {
2429 i++;
2430 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
2431 goto nla_put_failure;
2432 }
2433
2434 if (rdev->ops->disconnect || rdev->ops->deauth) {
2435 i++;
2436 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
2437 goto nla_put_failure;
2438 }
2439
2440 return i;
2441 nla_put_failure:
2442 return -ENOBUFS;
2443 }
2444
2445 static int
nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities * cap,struct sk_buff * msg)2446 nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
2447 struct sk_buff *msg)
2448 {
2449 struct nlattr *ftm;
2450
2451 if (!cap->ftm.supported)
2452 return 0;
2453
2454 ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
2455 if (!ftm)
2456 return -ENOBUFS;
2457
2458 if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
2459 return -ENOBUFS;
2460 if (cap->ftm.non_asap &&
2461 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
2462 return -ENOBUFS;
2463 if (cap->ftm.request_lci &&
2464 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
2465 return -ENOBUFS;
2466 if (cap->ftm.request_civicloc &&
2467 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
2468 return -ENOBUFS;
2469 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
2470 cap->ftm.preambles))
2471 return -ENOBUFS;
2472 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
2473 cap->ftm.bandwidths))
2474 return -ENOBUFS;
2475 if (cap->ftm.max_bursts_exponent >= 0 &&
2476 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
2477 cap->ftm.max_bursts_exponent))
2478 return -ENOBUFS;
2479 if (cap->ftm.max_ftms_per_burst &&
2480 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
2481 cap->ftm.max_ftms_per_burst))
2482 return -ENOBUFS;
2483 if (cap->ftm.trigger_based &&
2484 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED))
2485 return -ENOBUFS;
2486 if (cap->ftm.non_trigger_based &&
2487 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED))
2488 return -ENOBUFS;
2489 if (cap->ftm.support_6ghz &&
2490 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_6GHZ_SUPPORT))
2491 return -ENOBUFS;
2492 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_TX_LTF_REP,
2493 cap->ftm.max_tx_ltf_rep))
2494 return -ENOBUFS;
2495 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_RX_LTF_REP,
2496 cap->ftm.max_rx_ltf_rep))
2497 return -ENOBUFS;
2498 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_TX_STS,
2499 cap->ftm.max_tx_sts))
2500 return -ENOBUFS;
2501 if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_RX_STS,
2502 cap->ftm.max_rx_sts))
2503 return -ENOBUFS;
2504 if (cap->ftm.max_total_ltf_tx > 0 &&
2505 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_TOTAL_LTF_TX,
2506 cap->ftm.max_total_ltf_tx))
2507 return -ENOBUFS;
2508 if (cap->ftm.max_total_ltf_rx > 0 &&
2509 nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_TOTAL_LTF_RX,
2510 cap->ftm.max_total_ltf_rx))
2511 return -ENOBUFS;
2512 if (cap->ftm.support_rsta &&
2513 nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_RSTA_SUPPORT))
2514 return -ENOBUFS;
2515
2516 nla_nest_end(msg, ftm);
2517 return 0;
2518 }
2519
nl80211_send_pmsr_capa(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2520 static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
2521 struct sk_buff *msg)
2522 {
2523 const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
2524 struct nlattr *pmsr, *caps;
2525
2526 if (!cap)
2527 return 0;
2528
2529 /*
2530 * we don't need to clean up anything here since the caller
2531 * will genlmsg_cancel() if we fail
2532 */
2533
2534 pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
2535 if (!pmsr)
2536 return -ENOBUFS;
2537
2538 if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
2539 return -ENOBUFS;
2540
2541 if (cap->report_ap_tsf &&
2542 nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
2543 return -ENOBUFS;
2544
2545 if (cap->randomize_mac_addr &&
2546 nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
2547 return -ENOBUFS;
2548
2549 caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
2550 if (!caps)
2551 return -ENOBUFS;
2552
2553 if (nl80211_send_pmsr_ftm_capa(cap, msg))
2554 return -ENOBUFS;
2555
2556 nla_nest_end(msg, caps);
2557 nla_nest_end(msg, pmsr);
2558
2559 return 0;
2560 }
2561
2562 static int
nl80211_put_iftype_akm_suites(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2563 nl80211_put_iftype_akm_suites(struct cfg80211_registered_device *rdev,
2564 struct sk_buff *msg)
2565 {
2566 int i;
2567 struct nlattr *nested, *nested_akms;
2568 const struct wiphy_iftype_akm_suites *iftype_akms;
2569
2570 if (!rdev->wiphy.num_iftype_akm_suites ||
2571 !rdev->wiphy.iftype_akm_suites)
2572 return 0;
2573
2574 nested = nla_nest_start(msg, NL80211_ATTR_IFTYPE_AKM_SUITES);
2575 if (!nested)
2576 return -ENOBUFS;
2577
2578 for (i = 0; i < rdev->wiphy.num_iftype_akm_suites; i++) {
2579 nested_akms = nla_nest_start(msg, i + 1);
2580 if (!nested_akms)
2581 return -ENOBUFS;
2582
2583 iftype_akms = &rdev->wiphy.iftype_akm_suites[i];
2584
2585 if (nl80211_put_iftypes(msg, NL80211_IFTYPE_AKM_ATTR_IFTYPES,
2586 iftype_akms->iftypes_mask))
2587 return -ENOBUFS;
2588
2589 if (nla_put(msg, NL80211_IFTYPE_AKM_ATTR_SUITES,
2590 sizeof(u32) * iftype_akms->n_akm_suites,
2591 iftype_akms->akm_suites)) {
2592 return -ENOBUFS;
2593 }
2594 nla_nest_end(msg, nested_akms);
2595 }
2596
2597 nla_nest_end(msg, nested);
2598
2599 return 0;
2600 }
2601
2602 static int
nl80211_put_tid_config_support(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2603 nl80211_put_tid_config_support(struct cfg80211_registered_device *rdev,
2604 struct sk_buff *msg)
2605 {
2606 struct nlattr *supp;
2607
2608 if (!rdev->wiphy.tid_config_support.vif &&
2609 !rdev->wiphy.tid_config_support.peer)
2610 return 0;
2611
2612 supp = nla_nest_start(msg, NL80211_ATTR_TID_CONFIG);
2613 if (!supp)
2614 return -ENOSPC;
2615
2616 if (rdev->wiphy.tid_config_support.vif &&
2617 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_VIF_SUPP,
2618 rdev->wiphy.tid_config_support.vif,
2619 NL80211_TID_CONFIG_ATTR_PAD))
2620 goto fail;
2621
2622 if (rdev->wiphy.tid_config_support.peer &&
2623 nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_PEER_SUPP,
2624 rdev->wiphy.tid_config_support.peer,
2625 NL80211_TID_CONFIG_ATTR_PAD))
2626 goto fail;
2627
2628 /* for now we just use the same value ... makes more sense */
2629 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_SHORT,
2630 rdev->wiphy.tid_config_support.max_retry))
2631 goto fail;
2632 if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_LONG,
2633 rdev->wiphy.tid_config_support.max_retry))
2634 goto fail;
2635
2636 nla_nest_end(msg, supp);
2637
2638 return 0;
2639 fail:
2640 nla_nest_cancel(msg, supp);
2641 return -ENOBUFS;
2642 }
2643
2644 static int
nl80211_put_sar_specs(struct cfg80211_registered_device * rdev,struct sk_buff * msg)2645 nl80211_put_sar_specs(struct cfg80211_registered_device *rdev,
2646 struct sk_buff *msg)
2647 {
2648 struct nlattr *sar_capa, *specs, *sub_freq_range;
2649 u8 num_freq_ranges;
2650 int i;
2651
2652 if (!rdev->wiphy.sar_capa)
2653 return 0;
2654
2655 num_freq_ranges = rdev->wiphy.sar_capa->num_freq_ranges;
2656
2657 sar_capa = nla_nest_start(msg, NL80211_ATTR_SAR_SPEC);
2658 if (!sar_capa)
2659 return -ENOSPC;
2660
2661 if (nla_put_u32(msg, NL80211_SAR_ATTR_TYPE, rdev->wiphy.sar_capa->type))
2662 goto fail;
2663
2664 specs = nla_nest_start(msg, NL80211_SAR_ATTR_SPECS);
2665 if (!specs)
2666 goto fail;
2667
2668 /* report supported freq_ranges */
2669 for (i = 0; i < num_freq_ranges; i++) {
2670 sub_freq_range = nla_nest_start(msg, i + 1);
2671 if (!sub_freq_range)
2672 goto fail;
2673
2674 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_START_FREQ,
2675 rdev->wiphy.sar_capa->freq_ranges[i].start_freq))
2676 goto fail;
2677
2678 if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_END_FREQ,
2679 rdev->wiphy.sar_capa->freq_ranges[i].end_freq))
2680 goto fail;
2681
2682 nla_nest_end(msg, sub_freq_range);
2683 }
2684
2685 nla_nest_end(msg, specs);
2686 nla_nest_end(msg, sar_capa);
2687
2688 return 0;
2689 fail:
2690 nla_nest_cancel(msg, sar_capa);
2691 return -ENOBUFS;
2692 }
2693
nl80211_put_mbssid_support(struct wiphy * wiphy,struct sk_buff * msg)2694 static int nl80211_put_mbssid_support(struct wiphy *wiphy, struct sk_buff *msg)
2695 {
2696 struct nlattr *config;
2697
2698 if (!wiphy->mbssid_max_interfaces)
2699 return 0;
2700
2701 config = nla_nest_start(msg, NL80211_ATTR_MBSSID_CONFIG);
2702 if (!config)
2703 return -ENOBUFS;
2704
2705 if (nla_put_u8(msg, NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES,
2706 wiphy->mbssid_max_interfaces))
2707 goto fail;
2708
2709 if (wiphy->ema_max_profile_periodicity &&
2710 nla_put_u8(msg,
2711 NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY,
2712 wiphy->ema_max_profile_periodicity))
2713 goto fail;
2714
2715 nla_nest_end(msg, config);
2716 return 0;
2717
2718 fail:
2719 nla_nest_cancel(msg, config);
2720 return -ENOBUFS;
2721 }
2722
nl80211_put_radio(struct wiphy * wiphy,struct sk_buff * msg,int idx)2723 static int nl80211_put_radio(struct wiphy *wiphy, struct sk_buff *msg, int idx)
2724 {
2725 const struct wiphy_radio *r = &wiphy->radio[idx];
2726 const struct wiphy_radio_cfg *rcfg = &wiphy->radio_cfg[idx];
2727 struct nlattr *radio, *freq;
2728 int i;
2729
2730 radio = nla_nest_start(msg, idx);
2731 if (!radio)
2732 return -ENOBUFS;
2733
2734 if (nla_put_u32(msg, NL80211_WIPHY_RADIO_ATTR_INDEX, idx))
2735 goto nla_put_failure;
2736
2737 if (rcfg->rts_threshold &&
2738 nla_put_u32(msg, NL80211_WIPHY_RADIO_ATTR_RTS_THRESHOLD,
2739 rcfg->rts_threshold))
2740 goto nla_put_failure;
2741
2742 if (r->antenna_mask &&
2743 nla_put_u32(msg, NL80211_WIPHY_RADIO_ATTR_ANTENNA_MASK,
2744 r->antenna_mask))
2745 goto nla_put_failure;
2746
2747 for (i = 0; i < r->n_freq_range; i++) {
2748 const struct wiphy_radio_freq_range *range = &r->freq_range[i];
2749
2750 freq = nla_nest_start(msg, NL80211_WIPHY_RADIO_ATTR_FREQ_RANGE);
2751 if (!freq)
2752 goto nla_put_failure;
2753
2754 if (nla_put_u32(msg, NL80211_WIPHY_RADIO_FREQ_ATTR_START,
2755 range->start_freq) ||
2756 nla_put_u32(msg, NL80211_WIPHY_RADIO_FREQ_ATTR_END,
2757 range->end_freq))
2758 goto nla_put_failure;
2759
2760 nla_nest_end(msg, freq);
2761 }
2762
2763 for (i = 0; i < r->n_iface_combinations; i++)
2764 if (nl80211_put_ifcomb_data(msg, true,
2765 NL80211_WIPHY_RADIO_ATTR_INTERFACE_COMBINATION,
2766 &r->iface_combinations[i],
2767 NLA_F_NESTED))
2768 goto nla_put_failure;
2769
2770 nla_nest_end(msg, radio);
2771
2772 return 0;
2773
2774 nla_put_failure:
2775 return -ENOBUFS;
2776 }
2777
nl80211_put_radios(struct wiphy * wiphy,struct sk_buff * msg)2778 static int nl80211_put_radios(struct wiphy *wiphy, struct sk_buff *msg)
2779 {
2780 struct nlattr *radios;
2781 int i;
2782
2783 if (!wiphy->n_radio)
2784 return 0;
2785
2786 radios = nla_nest_start(msg, NL80211_ATTR_WIPHY_RADIOS);
2787 if (!radios)
2788 return -ENOBUFS;
2789
2790 for (i = 0; i < wiphy->n_radio; i++)
2791 if (nl80211_put_radio(wiphy, msg, i))
2792 goto fail;
2793
2794 nla_nest_end(msg, radios);
2795
2796 if (nl80211_put_iface_combinations(wiphy, msg,
2797 NL80211_ATTR_WIPHY_INTERFACE_COMBINATIONS,
2798 -1, true, NLA_F_NESTED))
2799 return -ENOBUFS;
2800
2801 return 0;
2802
2803 fail:
2804 nla_nest_cancel(msg, radios);
2805 return -ENOBUFS;
2806 }
2807
nl80211_put_nan_phy_cap(struct wiphy * wiphy,struct sk_buff * msg)2808 static int nl80211_put_nan_phy_cap(struct wiphy *wiphy, struct sk_buff *msg)
2809 {
2810 struct nlattr *nl_phy_cap;
2811 const struct ieee80211_sta_ht_cap *ht_cap;
2812 const struct ieee80211_sta_vht_cap *vht_cap;
2813 const struct ieee80211_sta_he_cap *he_cap;
2814
2815 if (!cfg80211_iftype_allowed(wiphy, NL80211_IFTYPE_NAN_DATA, false, 0))
2816 return 0;
2817
2818 ht_cap = &wiphy->nan_capa.phy.ht;
2819 vht_cap = &wiphy->nan_capa.phy.vht;
2820 he_cap = &wiphy->nan_capa.phy.he;
2821
2822 /* HT is mandatory */
2823 if (WARN_ON(!ht_cap->ht_supported))
2824 return 0;
2825
2826 nl_phy_cap = nla_nest_start_noflag(msg, NL80211_NAN_CAPA_PHY);
2827 if (!nl_phy_cap)
2828 return -ENOBUFS;
2829
2830 if (nla_put(msg, NL80211_NAN_PHY_CAP_ATTR_HT_MCS_SET,
2831 sizeof(ht_cap->mcs), &ht_cap->mcs) ||
2832 nla_put_u16(msg, NL80211_NAN_PHY_CAP_ATTR_HT_CAPA, ht_cap->cap) ||
2833 nla_put_u8(msg, NL80211_NAN_PHY_CAP_ATTR_HT_AMPDU_FACTOR,
2834 ht_cap->ampdu_factor) ||
2835 nla_put_u8(msg, NL80211_NAN_PHY_CAP_ATTR_HT_AMPDU_DENSITY,
2836 ht_cap->ampdu_density))
2837 goto fail;
2838
2839 if (vht_cap->vht_supported) {
2840 if (nla_put(msg, NL80211_NAN_PHY_CAP_ATTR_VHT_MCS_SET,
2841 sizeof(vht_cap->vht_mcs), &vht_cap->vht_mcs) ||
2842 nla_put_u32(msg, NL80211_NAN_PHY_CAP_ATTR_VHT_CAPA,
2843 vht_cap->cap))
2844 goto fail;
2845 }
2846
2847 if (he_cap->has_he) {
2848 if (nla_put(msg, NL80211_NAN_PHY_CAP_ATTR_HE_MAC,
2849 sizeof(he_cap->he_cap_elem.mac_cap_info),
2850 he_cap->he_cap_elem.mac_cap_info) ||
2851 nla_put(msg, NL80211_NAN_PHY_CAP_ATTR_HE_PHY,
2852 sizeof(he_cap->he_cap_elem.phy_cap_info),
2853 he_cap->he_cap_elem.phy_cap_info) ||
2854 nla_put(msg, NL80211_NAN_PHY_CAP_ATTR_HE_MCS_SET,
2855 sizeof(he_cap->he_mcs_nss_supp),
2856 &he_cap->he_mcs_nss_supp) ||
2857 nla_put(msg, NL80211_NAN_PHY_CAP_ATTR_HE_PPE,
2858 sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
2859 goto fail;
2860 }
2861
2862 nla_nest_end(msg, nl_phy_cap);
2863 return 0;
2864
2865 fail:
2866 nla_nest_cancel(msg, nl_phy_cap);
2867 return -ENOBUFS;
2868 }
2869
nl80211_put_nan_capa(struct wiphy * wiphy,struct sk_buff * msg)2870 static int nl80211_put_nan_capa(struct wiphy *wiphy, struct sk_buff *msg)
2871 {
2872 struct nlattr *nan_caps;
2873
2874 nan_caps = nla_nest_start(msg, NL80211_ATTR_NAN_CAPABILITIES);
2875 if (!nan_caps)
2876 return -ENOBUFS;
2877
2878 if (wiphy->nan_capa.flags & WIPHY_NAN_FLAGS_CONFIGURABLE_SYNC &&
2879 nla_put_flag(msg, NL80211_NAN_CAPA_CONFIGURABLE_SYNC))
2880 goto fail;
2881
2882 if ((wiphy->nan_capa.flags & WIPHY_NAN_FLAGS_USERSPACE_DE) &&
2883 nla_put_flag(msg, NL80211_NAN_CAPA_USERSPACE_DE))
2884 goto fail;
2885
2886 if (nla_put_u8(msg, NL80211_NAN_CAPA_OP_MODE,
2887 wiphy->nan_capa.op_mode) ||
2888 nla_put_u8(msg, NL80211_NAN_CAPA_NUM_ANTENNAS,
2889 wiphy->nan_capa.n_antennas) ||
2890 nla_put_u16(msg, NL80211_NAN_CAPA_MAX_CHANNEL_SWITCH_TIME,
2891 wiphy->nan_capa.max_channel_switch_time) ||
2892 nla_put_u8(msg, NL80211_NAN_CAPA_CAPABILITIES,
2893 wiphy->nan_capa.dev_capabilities))
2894 goto fail;
2895
2896 if (nl80211_put_nan_phy_cap(wiphy, msg))
2897 goto fail;
2898
2899 nla_nest_end(msg, nan_caps);
2900
2901 return 0;
2902
2903 fail:
2904 nla_nest_cancel(msg, nan_caps);
2905 return -ENOBUFS;
2906 }
2907
2908 struct nl80211_dump_wiphy_state {
2909 s64 filter_wiphy;
2910 long start;
2911 long split_start, band_start, chan_start, capa_start;
2912 bool split;
2913 };
2914
nl80211_send_wiphy(struct cfg80211_registered_device * rdev,enum nl80211_commands cmd,struct sk_buff * msg,u32 portid,u32 seq,int flags,struct nl80211_dump_wiphy_state * state)2915 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
2916 enum nl80211_commands cmd,
2917 struct sk_buff *msg, u32 portid, u32 seq,
2918 int flags, struct nl80211_dump_wiphy_state *state)
2919 {
2920 void *hdr;
2921 struct nlattr *nl_bands, *nl_band;
2922 struct nlattr *nl_freqs, *nl_freq;
2923 struct nlattr *nl_cmds;
2924 enum nl80211_band band;
2925 struct ieee80211_channel *chan;
2926 int i;
2927 const struct ieee80211_txrx_stypes *mgmt_stypes =
2928 rdev->wiphy.mgmt_stypes;
2929 u32 features;
2930
2931 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2932 if (!hdr)
2933 return -ENOBUFS;
2934
2935 if (WARN_ON(!state))
2936 return -EINVAL;
2937
2938 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2939 nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
2940 wiphy_name(&rdev->wiphy)) ||
2941 nla_put_u32(msg, NL80211_ATTR_GENERATION,
2942 cfg80211_rdev_list_generation))
2943 goto nla_put_failure;
2944
2945 if (cmd != NL80211_CMD_NEW_WIPHY)
2946 goto finish;
2947
2948 switch (state->split_start) {
2949 case 0:
2950 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
2951 rdev->wiphy.retry_short) ||
2952 nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
2953 rdev->wiphy.retry_long) ||
2954 nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
2955 rdev->wiphy.frag_threshold) ||
2956 nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
2957 rdev->wiphy.rts_threshold) ||
2958 nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
2959 rdev->wiphy.coverage_class) ||
2960 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
2961 rdev->wiphy.max_scan_ssids) ||
2962 nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
2963 rdev->wiphy.max_sched_scan_ssids) ||
2964 nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
2965 rdev->wiphy.max_scan_ie_len) ||
2966 nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
2967 rdev->wiphy.max_sched_scan_ie_len) ||
2968 nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
2969 rdev->wiphy.max_match_sets))
2970 goto nla_put_failure;
2971
2972 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
2973 nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
2974 goto nla_put_failure;
2975 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
2976 nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
2977 goto nla_put_failure;
2978 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
2979 nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
2980 goto nla_put_failure;
2981 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
2982 nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
2983 goto nla_put_failure;
2984 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
2985 nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
2986 goto nla_put_failure;
2987 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
2988 nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
2989 goto nla_put_failure;
2990 state->split_start++;
2991 if (state->split)
2992 break;
2993 fallthrough;
2994 case 1:
2995 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
2996 sizeof(u32) * rdev->wiphy.n_cipher_suites,
2997 rdev->wiphy.cipher_suites))
2998 goto nla_put_failure;
2999
3000 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
3001 rdev->wiphy.max_num_pmkids))
3002 goto nla_put_failure;
3003
3004 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
3005 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
3006 goto nla_put_failure;
3007
3008 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
3009 rdev->wiphy.available_antennas_tx) ||
3010 nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
3011 rdev->wiphy.available_antennas_rx))
3012 goto nla_put_failure;
3013
3014 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
3015 nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
3016 rdev->wiphy.probe_resp_offload))
3017 goto nla_put_failure;
3018
3019 if ((rdev->wiphy.available_antennas_tx ||
3020 rdev->wiphy.available_antennas_rx) &&
3021 rdev->ops->get_antenna) {
3022 u32 tx_ant = 0, rx_ant = 0;
3023 int res;
3024
3025 res = rdev_get_antenna(rdev, -1, &tx_ant, &rx_ant);
3026 if (!res) {
3027 if (nla_put_u32(msg,
3028 NL80211_ATTR_WIPHY_ANTENNA_TX,
3029 tx_ant) ||
3030 nla_put_u32(msg,
3031 NL80211_ATTR_WIPHY_ANTENNA_RX,
3032 rx_ant))
3033 goto nla_put_failure;
3034 }
3035 }
3036
3037 state->split_start++;
3038 if (state->split)
3039 break;
3040 fallthrough;
3041 case 2:
3042 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
3043 rdev->wiphy.interface_modes))
3044 goto nla_put_failure;
3045 state->split_start++;
3046 if (state->split)
3047 break;
3048 fallthrough;
3049 case 3:
3050 nl_bands = nla_nest_start_noflag(msg,
3051 NL80211_ATTR_WIPHY_BANDS);
3052 if (!nl_bands)
3053 goto nla_put_failure;
3054
3055 for (band = state->band_start;
3056 band < (state->split ?
3057 NUM_NL80211_BANDS :
3058 NL80211_BAND_60GHZ + 1);
3059 band++) {
3060 struct ieee80211_supported_band *sband;
3061
3062 /* omit higher bands for ancient software */
3063 if (band > NL80211_BAND_5GHZ && !state->split)
3064 break;
3065
3066 sband = rdev->wiphy.bands[band];
3067
3068 if (!sband)
3069 continue;
3070
3071 nl_band = nla_nest_start_noflag(msg, band);
3072 if (!nl_band)
3073 goto nla_put_failure;
3074
3075 switch (state->chan_start) {
3076 case 0:
3077 if (nl80211_send_band_rateinfo(msg, sband,
3078 state->split))
3079 goto nla_put_failure;
3080 state->chan_start++;
3081 if (state->split)
3082 break;
3083 fallthrough;
3084 default:
3085 /* add frequencies */
3086 nl_freqs = nla_nest_start_noflag(msg,
3087 NL80211_BAND_ATTR_FREQS);
3088 if (!nl_freqs)
3089 goto nla_put_failure;
3090
3091 for (i = state->chan_start - 1;
3092 i < sband->n_channels;
3093 i++) {
3094 nl_freq = nla_nest_start_noflag(msg,
3095 i);
3096 if (!nl_freq)
3097 goto nla_put_failure;
3098
3099 chan = &sband->channels[i];
3100
3101 if (nl80211_msg_put_channel(
3102 msg, &rdev->wiphy, chan,
3103 state->split))
3104 goto nla_put_failure;
3105
3106 nla_nest_end(msg, nl_freq);
3107 if (state->split)
3108 break;
3109 }
3110 if (i < sband->n_channels)
3111 state->chan_start = i + 2;
3112 else
3113 state->chan_start = 0;
3114 nla_nest_end(msg, nl_freqs);
3115 }
3116
3117 nla_nest_end(msg, nl_band);
3118
3119 if (state->split) {
3120 /* start again here */
3121 if (state->chan_start)
3122 band--;
3123 break;
3124 }
3125 }
3126 nla_nest_end(msg, nl_bands);
3127
3128 if (band < NUM_NL80211_BANDS)
3129 state->band_start = band + 1;
3130 else
3131 state->band_start = 0;
3132
3133 /* if bands & channels are done, continue outside */
3134 if (state->band_start == 0 && state->chan_start == 0)
3135 state->split_start++;
3136 if (state->split)
3137 break;
3138 fallthrough;
3139 case 4:
3140 nl_cmds = nla_nest_start_noflag(msg,
3141 NL80211_ATTR_SUPPORTED_COMMANDS);
3142 if (!nl_cmds)
3143 goto nla_put_failure;
3144
3145 i = nl80211_add_commands_unsplit(rdev, msg);
3146 if (i < 0)
3147 goto nla_put_failure;
3148 if (state->split) {
3149 CMD(crit_proto_start, CRIT_PROTOCOL_START);
3150 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
3151 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
3152 CMD(channel_switch, CHANNEL_SWITCH);
3153 CMD(set_qos_map, SET_QOS_MAP);
3154 if (rdev->wiphy.features &
3155 NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
3156 CMD(add_tx_ts, ADD_TX_TS);
3157 CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
3158 CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
3159 CMD(update_ft_ies, UPDATE_FT_IES);
3160 if (rdev->wiphy.sar_capa)
3161 CMD(set_sar_specs, SET_SAR_SPECS);
3162 CMD(assoc_ml_reconf, ASSOC_MLO_RECONF);
3163 }
3164 #undef CMD
3165
3166 nla_nest_end(msg, nl_cmds);
3167 state->split_start++;
3168 if (state->split)
3169 break;
3170 fallthrough;
3171 case 5:
3172 if (rdev->ops->remain_on_channel &&
3173 (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
3174 nla_put_u32(msg,
3175 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
3176 rdev->wiphy.max_remain_on_channel_duration))
3177 goto nla_put_failure;
3178
3179 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
3180 nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
3181 goto nla_put_failure;
3182
3183 state->split_start++;
3184 if (state->split)
3185 break;
3186 fallthrough;
3187 case 6:
3188 #ifdef CONFIG_PM
3189 if (nl80211_send_wowlan(msg, rdev, state->split))
3190 goto nla_put_failure;
3191 state->split_start++;
3192 if (state->split)
3193 break;
3194 #else
3195 state->split_start++;
3196 #endif
3197 fallthrough;
3198 case 7:
3199 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
3200 rdev->wiphy.software_iftypes))
3201 goto nla_put_failure;
3202
3203 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
3204 NL80211_ATTR_INTERFACE_COMBINATIONS,
3205 rdev->wiphy.n_radio ? 0 : -1,
3206 state->split, 0))
3207 goto nla_put_failure;
3208
3209 state->split_start++;
3210 if (state->split)
3211 break;
3212 fallthrough;
3213 case 8:
3214 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
3215 nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
3216 rdev->wiphy.ap_sme_capa))
3217 goto nla_put_failure;
3218
3219 features = rdev->wiphy.features;
3220 /*
3221 * We can only add the per-channel limit information if the
3222 * dump is split, otherwise it makes it too big. Therefore
3223 * only advertise it in that case.
3224 */
3225 if (state->split)
3226 features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
3227 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
3228 goto nla_put_failure;
3229
3230 if (rdev->wiphy.ht_capa_mod_mask &&
3231 nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
3232 sizeof(*rdev->wiphy.ht_capa_mod_mask),
3233 rdev->wiphy.ht_capa_mod_mask))
3234 goto nla_put_failure;
3235
3236 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
3237 rdev->wiphy.max_acl_mac_addrs &&
3238 nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
3239 rdev->wiphy.max_acl_mac_addrs))
3240 goto nla_put_failure;
3241
3242 /*
3243 * Any information below this point is only available to
3244 * applications that can deal with it being split. This
3245 * helps ensure that newly added capabilities don't break
3246 * older tools by overrunning their buffers.
3247 *
3248 * We still increment split_start so that in the split
3249 * case we'll continue with more data in the next round,
3250 * but break unconditionally so unsplit data stops here.
3251 */
3252 if (state->split)
3253 state->split_start++;
3254 else
3255 state->split_start = 0;
3256 break;
3257 case 9:
3258 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
3259 goto nla_put_failure;
3260
3261 if (nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
3262 rdev->wiphy.max_sched_scan_plans) ||
3263 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
3264 rdev->wiphy.max_sched_scan_plan_interval) ||
3265 nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
3266 rdev->wiphy.max_sched_scan_plan_iterations))
3267 goto nla_put_failure;
3268
3269 if (rdev->wiphy.extended_capabilities &&
3270 (nla_put(msg, NL80211_ATTR_EXT_CAPA,
3271 rdev->wiphy.extended_capabilities_len,
3272 rdev->wiphy.extended_capabilities) ||
3273 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
3274 rdev->wiphy.extended_capabilities_len,
3275 rdev->wiphy.extended_capabilities_mask)))
3276 goto nla_put_failure;
3277
3278 if (rdev->wiphy.vht_capa_mod_mask &&
3279 nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
3280 sizeof(*rdev->wiphy.vht_capa_mod_mask),
3281 rdev->wiphy.vht_capa_mod_mask))
3282 goto nla_put_failure;
3283
3284 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
3285 rdev->wiphy.perm_addr))
3286 goto nla_put_failure;
3287
3288 if (!is_zero_ether_addr(rdev->wiphy.addr_mask) &&
3289 nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
3290 rdev->wiphy.addr_mask))
3291 goto nla_put_failure;
3292
3293 if (rdev->wiphy.n_addresses > 1) {
3294 void *attr;
3295
3296 attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
3297 if (!attr)
3298 goto nla_put_failure;
3299
3300 for (i = 0; i < rdev->wiphy.n_addresses; i++)
3301 if (nla_put(msg, i + 1, ETH_ALEN,
3302 rdev->wiphy.addresses[i].addr))
3303 goto nla_put_failure;
3304
3305 nla_nest_end(msg, attr);
3306 }
3307
3308 state->split_start++;
3309 break;
3310 case 10:
3311 if (nl80211_send_coalesce(msg, rdev))
3312 goto nla_put_failure;
3313
3314 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
3315 (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
3316 nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
3317 goto nla_put_failure;
3318
3319 if (rdev->wiphy.max_ap_assoc_sta &&
3320 nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
3321 rdev->wiphy.max_ap_assoc_sta))
3322 goto nla_put_failure;
3323
3324 state->split_start++;
3325 break;
3326 case 11:
3327 if (rdev->wiphy.n_vendor_commands) {
3328 const struct nl80211_vendor_cmd_info *info;
3329 struct nlattr *nested;
3330
3331 nested = nla_nest_start_noflag(msg,
3332 NL80211_ATTR_VENDOR_DATA);
3333 if (!nested)
3334 goto nla_put_failure;
3335
3336 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
3337 info = &rdev->wiphy.vendor_commands[i].info;
3338 if (nla_put(msg, i + 1, sizeof(*info), info))
3339 goto nla_put_failure;
3340 }
3341 nla_nest_end(msg, nested);
3342 }
3343
3344 if (rdev->wiphy.n_vendor_events) {
3345 const struct nl80211_vendor_cmd_info *info;
3346 struct nlattr *nested;
3347
3348 nested = nla_nest_start_noflag(msg,
3349 NL80211_ATTR_VENDOR_EVENTS);
3350 if (!nested)
3351 goto nla_put_failure;
3352
3353 for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
3354 info = &rdev->wiphy.vendor_events[i];
3355 if (nla_put(msg, i + 1, sizeof(*info), info))
3356 goto nla_put_failure;
3357 }
3358 nla_nest_end(msg, nested);
3359 }
3360 state->split_start++;
3361 break;
3362 case 12:
3363 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
3364 nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
3365 rdev->wiphy.max_num_csa_counters))
3366 goto nla_put_failure;
3367
3368 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
3369 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
3370 goto nla_put_failure;
3371
3372 if (rdev->wiphy.max_sched_scan_reqs &&
3373 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
3374 rdev->wiphy.max_sched_scan_reqs))
3375 goto nla_put_failure;
3376
3377 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
3378 sizeof(rdev->wiphy.ext_features),
3379 rdev->wiphy.ext_features))
3380 goto nla_put_failure;
3381
3382 if (rdev->wiphy.bss_param_support) {
3383 struct nlattr *nested;
3384 u32 parsup = rdev->wiphy.bss_param_support;
3385
3386 nested = nla_nest_start(msg, NL80211_ATTR_BSS_PARAM);
3387 if (!nested)
3388 goto nla_put_failure;
3389
3390 if ((parsup & WIPHY_BSS_PARAM_CTS_PROT) &&
3391 nla_put_flag(msg, NL80211_ATTR_BSS_CTS_PROT))
3392 goto nla_put_failure;
3393 if ((parsup & WIPHY_BSS_PARAM_SHORT_PREAMBLE) &&
3394 nla_put_flag(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE))
3395 goto nla_put_failure;
3396 if ((parsup & WIPHY_BSS_PARAM_SHORT_SLOT_TIME) &&
3397 nla_put_flag(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME))
3398 goto nla_put_failure;
3399 if ((parsup & WIPHY_BSS_PARAM_BASIC_RATES) &&
3400 nla_put_flag(msg, NL80211_ATTR_BSS_BASIC_RATES))
3401 goto nla_put_failure;
3402 if ((parsup & WIPHY_BSS_PARAM_AP_ISOLATE) &&
3403 nla_put_flag(msg, NL80211_ATTR_AP_ISOLATE))
3404 goto nla_put_failure;
3405 if ((parsup & WIPHY_BSS_PARAM_HT_OPMODE) &&
3406 nla_put_flag(msg, NL80211_ATTR_BSS_HT_OPMODE))
3407 goto nla_put_failure;
3408 if ((parsup & WIPHY_BSS_PARAM_P2P_CTWINDOW) &&
3409 nla_put_flag(msg, NL80211_ATTR_P2P_CTWINDOW))
3410 goto nla_put_failure;
3411 if ((parsup & WIPHY_BSS_PARAM_P2P_OPPPS) &&
3412 nla_put_flag(msg, NL80211_ATTR_P2P_OPPPS))
3413 goto nla_put_failure;
3414 nla_nest_end(msg, nested);
3415 }
3416 if (rdev->wiphy.bss_select_support) {
3417 struct nlattr *nested;
3418 u32 bss_select_support = rdev->wiphy.bss_select_support;
3419
3420 nested = nla_nest_start_noflag(msg,
3421 NL80211_ATTR_BSS_SELECT);
3422 if (!nested)
3423 goto nla_put_failure;
3424
3425 i = 0;
3426 while (bss_select_support) {
3427 if ((bss_select_support & 1) &&
3428 nla_put_flag(msg, i))
3429 goto nla_put_failure;
3430 i++;
3431 bss_select_support >>= 1;
3432 }
3433 nla_nest_end(msg, nested);
3434 }
3435
3436 state->split_start++;
3437 break;
3438 case 13:
3439 if (rdev->wiphy.num_iftype_ext_capab &&
3440 rdev->wiphy.iftype_ext_capab) {
3441 struct nlattr *nested_ext_capab, *nested;
3442
3443 nested = nla_nest_start_noflag(msg,
3444 NL80211_ATTR_IFTYPE_EXT_CAPA);
3445 if (!nested)
3446 goto nla_put_failure;
3447
3448 for (i = state->capa_start;
3449 i < rdev->wiphy.num_iftype_ext_capab; i++) {
3450 const struct wiphy_iftype_ext_capab *capab;
3451
3452 capab = &rdev->wiphy.iftype_ext_capab[i];
3453
3454 nested_ext_capab = nla_nest_start_noflag(msg,
3455 i);
3456 if (!nested_ext_capab ||
3457 nla_put_u32(msg, NL80211_ATTR_IFTYPE,
3458 capab->iftype) ||
3459 nla_put(msg, NL80211_ATTR_EXT_CAPA,
3460 capab->extended_capabilities_len,
3461 capab->extended_capabilities) ||
3462 nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
3463 capab->extended_capabilities_len,
3464 capab->extended_capabilities_mask))
3465 goto nla_put_failure;
3466
3467 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO &&
3468 (nla_put_u16(msg,
3469 NL80211_ATTR_EML_CAPABILITY,
3470 capab->eml_capabilities) ||
3471 nla_put_u16(msg,
3472 NL80211_ATTR_MLD_CAPA_AND_OPS,
3473 capab->mld_capa_and_ops)))
3474 goto nla_put_failure;
3475
3476 nla_nest_end(msg, nested_ext_capab);
3477 if (state->split)
3478 break;
3479 }
3480 nla_nest_end(msg, nested);
3481 if (i < rdev->wiphy.num_iftype_ext_capab) {
3482 state->capa_start = i + 1;
3483 break;
3484 }
3485 }
3486
3487 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
3488 rdev->wiphy.nan_supported_bands))
3489 goto nla_put_failure;
3490
3491 if (wiphy_ext_feature_isset(&rdev->wiphy,
3492 NL80211_EXT_FEATURE_TXQS)) {
3493 struct cfg80211_txq_stats txqstats = {};
3494 int res;
3495
3496 res = rdev_get_txq_stats(rdev, NULL, &txqstats);
3497 if (!res &&
3498 !nl80211_put_txq_stats(msg, &txqstats,
3499 NL80211_ATTR_TXQ_STATS))
3500 goto nla_put_failure;
3501
3502 if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
3503 rdev->wiphy.txq_limit))
3504 goto nla_put_failure;
3505 if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
3506 rdev->wiphy.txq_memory_limit))
3507 goto nla_put_failure;
3508 if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
3509 rdev->wiphy.txq_quantum))
3510 goto nla_put_failure;
3511 }
3512
3513 state->split_start++;
3514 break;
3515 case 14:
3516 if (nl80211_send_pmsr_capa(rdev, msg))
3517 goto nla_put_failure;
3518
3519 state->split_start++;
3520 break;
3521 case 15:
3522 if (rdev->wiphy.akm_suites &&
3523 nla_put(msg, NL80211_ATTR_AKM_SUITES,
3524 sizeof(u32) * rdev->wiphy.n_akm_suites,
3525 rdev->wiphy.akm_suites))
3526 goto nla_put_failure;
3527
3528 if (nl80211_put_iftype_akm_suites(rdev, msg))
3529 goto nla_put_failure;
3530
3531 if (nl80211_put_tid_config_support(rdev, msg))
3532 goto nla_put_failure;
3533 state->split_start++;
3534 break;
3535 case 16:
3536 if (nl80211_put_sar_specs(rdev, msg))
3537 goto nla_put_failure;
3538
3539 if (nl80211_put_mbssid_support(&rdev->wiphy, msg))
3540 goto nla_put_failure;
3541
3542 if (nla_put_u16(msg, NL80211_ATTR_MAX_NUM_AKM_SUITES,
3543 rdev->wiphy.max_num_akm_suites))
3544 goto nla_put_failure;
3545
3546 if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO)
3547 nla_put_flag(msg, NL80211_ATTR_MLO_SUPPORT);
3548
3549 if (rdev->wiphy.hw_timestamp_max_peers &&
3550 nla_put_u16(msg, NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS,
3551 rdev->wiphy.hw_timestamp_max_peers))
3552 goto nla_put_failure;
3553
3554 state->split_start++;
3555 break;
3556 case 17:
3557 if (nl80211_put_radios(&rdev->wiphy, msg))
3558 goto nla_put_failure;
3559
3560 state->split_start++;
3561 break;
3562 case 18:
3563 if (nl80211_put_nan_capa(&rdev->wiphy, msg))
3564 goto nla_put_failure;
3565
3566 /* done */
3567 state->split_start = 0;
3568 break;
3569 }
3570 finish:
3571 genlmsg_end(msg, hdr);
3572 return 0;
3573
3574 nla_put_failure:
3575 genlmsg_cancel(msg, hdr);
3576 return -EMSGSIZE;
3577 }
3578
nl80211_dump_wiphy_parse(struct sk_buff * skb,struct netlink_callback * cb,struct nl80211_dump_wiphy_state * state)3579 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
3580 struct netlink_callback *cb,
3581 struct nl80211_dump_wiphy_state *state)
3582 {
3583 struct nlattr **tb = kzalloc_objs(*tb, NUM_NL80211_ATTR);
3584 int ret;
3585
3586 if (!tb)
3587 return -ENOMEM;
3588
3589 ret = nlmsg_parse_deprecated(cb->nlh,
3590 GENL_HDRLEN + nl80211_fam.hdrsize,
3591 tb, nl80211_fam.maxattr,
3592 nl80211_policy, NULL);
3593 /* ignore parse errors for backward compatibility */
3594 if (ret) {
3595 ret = 0;
3596 goto out;
3597 }
3598
3599 state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
3600 if (tb[NL80211_ATTR_WIPHY])
3601 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
3602 if (tb[NL80211_ATTR_WDEV])
3603 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
3604 if (tb[NL80211_ATTR_IFINDEX]) {
3605 struct net_device *netdev;
3606 struct cfg80211_registered_device *rdev;
3607 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
3608
3609 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
3610 if (!netdev) {
3611 ret = -ENODEV;
3612 goto out;
3613 }
3614 if (netdev->ieee80211_ptr) {
3615 rdev = wiphy_to_rdev(
3616 netdev->ieee80211_ptr->wiphy);
3617 state->filter_wiphy = rdev->wiphy_idx;
3618 }
3619 }
3620
3621 ret = 0;
3622 out:
3623 kfree(tb);
3624 return ret;
3625 }
3626
nl80211_dump_wiphy(struct sk_buff * skb,struct netlink_callback * cb)3627 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
3628 {
3629 int idx = 0, ret;
3630 struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
3631 struct cfg80211_registered_device *rdev;
3632
3633 rtnl_lock();
3634 if (!state) {
3635 state = kzalloc_obj(*state);
3636 if (!state) {
3637 rtnl_unlock();
3638 return -ENOMEM;
3639 }
3640 state->filter_wiphy = -1;
3641 ret = nl80211_dump_wiphy_parse(skb, cb, state);
3642 if (ret) {
3643 kfree(state);
3644 rtnl_unlock();
3645 return ret;
3646 }
3647 cb->args[0] = (long)state;
3648 }
3649
3650 for_each_rdev(rdev) {
3651 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3652 continue;
3653 if (++idx <= state->start)
3654 continue;
3655 if (state->filter_wiphy != -1 &&
3656 state->filter_wiphy != rdev->wiphy_idx)
3657 continue;
3658 wiphy_lock(&rdev->wiphy);
3659 /* attempt to fit multiple wiphy data chunks into the skb */
3660 do {
3661 ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
3662 skb,
3663 NETLINK_CB(cb->skb).portid,
3664 cb->nlh->nlmsg_seq,
3665 NLM_F_MULTI, state);
3666 if (ret < 0) {
3667 /*
3668 * If sending the wiphy data didn't fit (ENOBUFS
3669 * or EMSGSIZE returned), this SKB is still
3670 * empty (so it's not too big because another
3671 * wiphy dataset is already in the skb) and
3672 * we've not tried to adjust the dump allocation
3673 * yet ... then adjust the alloc size to be
3674 * bigger, and return 1 but with the empty skb.
3675 * This results in an empty message being RX'ed
3676 * in userspace, but that is ignored.
3677 *
3678 * We can then retry with the larger buffer.
3679 */
3680 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
3681 !skb->len && !state->split &&
3682 cb->min_dump_alloc < 4096) {
3683 cb->min_dump_alloc = 4096;
3684 state->split_start = 0;
3685 wiphy_unlock(&rdev->wiphy);
3686 rtnl_unlock();
3687 return 1;
3688 }
3689 idx--;
3690 break;
3691 }
3692 } while (state->split_start > 0);
3693 wiphy_unlock(&rdev->wiphy);
3694 break;
3695 }
3696 rtnl_unlock();
3697
3698 state->start = idx;
3699
3700 return skb->len;
3701 }
3702
nl80211_dump_wiphy_done(struct netlink_callback * cb)3703 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
3704 {
3705 kfree((void *)cb->args[0]);
3706 return 0;
3707 }
3708
nl80211_get_wiphy(struct sk_buff * skb,struct genl_info * info)3709 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
3710 {
3711 struct sk_buff *msg;
3712 struct cfg80211_registered_device *rdev = info->user_ptr[0];
3713 struct nl80211_dump_wiphy_state state = {};
3714
3715 msg = nlmsg_new(4096, GFP_KERNEL);
3716 if (!msg)
3717 return -ENOMEM;
3718
3719 if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
3720 info->snd_portid, info->snd_seq, 0,
3721 &state) < 0) {
3722 nlmsg_free(msg);
3723 return -ENOBUFS;
3724 }
3725
3726 return genlmsg_reply(msg, info);
3727 }
3728
3729 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
3730 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
3731 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
3732 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
3733 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
3734 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
3735 };
3736
parse_txq_params(struct nlattr * tb[],struct ieee80211_txq_params * txq_params)3737 static int parse_txq_params(struct nlattr *tb[],
3738 struct ieee80211_txq_params *txq_params)
3739 {
3740 u8 ac;
3741
3742 if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
3743 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
3744 !tb[NL80211_TXQ_ATTR_AIFS])
3745 return -EINVAL;
3746
3747 ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
3748 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
3749 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
3750 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
3751 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
3752
3753 if (ac >= NL80211_NUM_ACS)
3754 return -EINVAL;
3755 txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
3756 return 0;
3757 }
3758
nl80211_can_set_dev_channel(struct wireless_dev * wdev)3759 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
3760 {
3761 /*
3762 * You can only set the channel explicitly for some interfaces,
3763 * most have their channel managed via their respective
3764 * "establish a connection" command (connect, join, ...)
3765 *
3766 * For AP/GO and mesh mode, the channel can be set with the
3767 * channel userspace API, but is only stored and passed to the
3768 * low-level driver when the AP starts or the mesh is joined.
3769 * This is for backward compatibility, userspace can also give
3770 * the channel in the start-ap or join-mesh commands instead.
3771 *
3772 * Monitors are special as they are normally slaved to
3773 * whatever else is going on, so they have their own special
3774 * operation to set the monitor channel if possible.
3775 */
3776 return !wdev ||
3777 wdev->iftype == NL80211_IFTYPE_AP ||
3778 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
3779 wdev->iftype == NL80211_IFTYPE_MONITOR ||
3780 wdev->iftype == NL80211_IFTYPE_P2P_GO;
3781 }
3782
_nl80211_parse_chandef(struct cfg80211_registered_device * rdev,struct netlink_ext_ack * extack,struct nlattr ** attrs,bool monitor,struct cfg80211_chan_def * chandef)3783 static int _nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
3784 struct netlink_ext_ack *extack,
3785 struct nlattr **attrs, bool monitor,
3786 struct cfg80211_chan_def *chandef)
3787 {
3788 u32 control_freq;
3789
3790 if (!attrs[NL80211_ATTR_WIPHY_FREQ]) {
3791 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3792 "Frequency is missing");
3793 return -EINVAL;
3794 }
3795
3796 control_freq = MHZ_TO_KHZ(
3797 nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ]));
3798 if (attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
3799 control_freq +=
3800 nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
3801
3802 memset(chandef, 0, sizeof(*chandef));
3803 chandef->chan = ieee80211_get_channel_khz(&rdev->wiphy, control_freq);
3804 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
3805 chandef->center_freq1 = KHZ_TO_MHZ(control_freq);
3806 chandef->freq1_offset = control_freq % 1000;
3807 chandef->center_freq2 = 0;
3808 chandef->s1g_primary_2mhz = false;
3809
3810 if (!chandef->chan) {
3811 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3812 "Unknown channel");
3813 return -EINVAL;
3814 }
3815
3816 if (cfg80211_chandef_is_s1g(chandef))
3817 chandef->width = NL80211_CHAN_WIDTH_1;
3818
3819 if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
3820 enum nl80211_channel_type chantype;
3821
3822 chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
3823
3824 switch (chantype) {
3825 case NL80211_CHAN_NO_HT:
3826 case NL80211_CHAN_HT20:
3827 case NL80211_CHAN_HT40PLUS:
3828 case NL80211_CHAN_HT40MINUS:
3829 if (chandef->chan->band == NL80211_BAND_60GHZ ||
3830 chandef->chan->band == NL80211_BAND_S1GHZ)
3831 return -EINVAL;
3832 cfg80211_chandef_create(chandef, chandef->chan,
3833 chantype);
3834 /* user input for center_freq is incorrect */
3835 if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
3836 chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
3837 NL_SET_ERR_MSG_ATTR(extack,
3838 attrs[NL80211_ATTR_CENTER_FREQ1],
3839 "bad center frequency 1");
3840 return -EINVAL;
3841 }
3842 /* center_freq2 must be zero */
3843 if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
3844 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
3845 NL_SET_ERR_MSG_ATTR(extack,
3846 attrs[NL80211_ATTR_CENTER_FREQ2],
3847 "center frequency 2 can't be used");
3848 return -EINVAL;
3849 }
3850 break;
3851 default:
3852 NL_SET_ERR_MSG_ATTR(extack,
3853 attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
3854 "invalid channel type");
3855 return -EINVAL;
3856 }
3857 } else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
3858 chandef->width = nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
3859 if (attrs[NL80211_ATTR_CENTER_FREQ1]) {
3860 chandef->center_freq1 =
3861 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
3862 chandef->freq1_offset = nla_get_u32_default(
3863 attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET], 0);
3864 }
3865
3866 if (attrs[NL80211_ATTR_CENTER_FREQ2])
3867 chandef->center_freq2 =
3868 nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
3869
3870 chandef->s1g_primary_2mhz = nla_get_flag(
3871 attrs[NL80211_ATTR_S1G_PRIMARY_2MHZ]);
3872 }
3873
3874 if (attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
3875 chandef->edmg.channels =
3876 nla_get_u8(attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
3877
3878 if (attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
3879 chandef->edmg.bw_config =
3880 nla_get_u8(attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
3881 } else {
3882 chandef->edmg.bw_config = 0;
3883 chandef->edmg.channels = 0;
3884 }
3885
3886 if (attrs[NL80211_ATTR_PUNCT_BITMAP]) {
3887 chandef->punctured =
3888 nla_get_u32(attrs[NL80211_ATTR_PUNCT_BITMAP]);
3889
3890 if (chandef->punctured &&
3891 !wiphy_ext_feature_isset(&rdev->wiphy,
3892 NL80211_EXT_FEATURE_PUNCT)) {
3893 NL_SET_ERR_MSG_ATTR(extack,
3894 attrs[NL80211_ATTR_WIPHY_FREQ],
3895 "driver doesn't support puncturing");
3896 return -EINVAL;
3897 }
3898 }
3899
3900 if (!cfg80211_chandef_valid(chandef)) {
3901 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3902 "invalid channel definition");
3903 return -EINVAL;
3904 }
3905
3906 if (!_cfg80211_chandef_usable(&rdev->wiphy, chandef,
3907 IEEE80211_CHAN_DISABLED,
3908 monitor ? IEEE80211_CHAN_CAN_MONITOR : 0)) {
3909 NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3910 "(extension) channel is disabled");
3911 return -EINVAL;
3912 }
3913
3914 if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
3915 chandef->width == NL80211_CHAN_WIDTH_10) &&
3916 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
3917 NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
3918 return -EINVAL;
3919 }
3920
3921 return 0;
3922 }
3923
nl80211_parse_chandef(struct cfg80211_registered_device * rdev,struct netlink_ext_ack * extack,struct nlattr ** attrs,struct cfg80211_chan_def * chandef)3924 int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
3925 struct netlink_ext_ack *extack,
3926 struct nlattr **attrs,
3927 struct cfg80211_chan_def *chandef)
3928 {
3929 return _nl80211_parse_chandef(rdev, extack, attrs, false, chandef);
3930 }
3931
__nl80211_set_channel(struct cfg80211_registered_device * rdev,struct net_device * dev,struct genl_info * info,int _link_id)3932 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
3933 struct net_device *dev,
3934 struct genl_info *info,
3935 int _link_id)
3936 {
3937 struct cfg80211_chan_def chandef;
3938 int result;
3939 enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
3940 struct wireless_dev *wdev = NULL;
3941 int link_id = _link_id;
3942
3943 if (dev)
3944 wdev = dev->ieee80211_ptr;
3945 if (!nl80211_can_set_dev_channel(wdev))
3946 return -EOPNOTSUPP;
3947 if (wdev)
3948 iftype = wdev->iftype;
3949
3950 if (link_id < 0) {
3951 if (wdev && wdev->valid_links)
3952 return -EINVAL;
3953 link_id = 0;
3954 }
3955
3956 result = _nl80211_parse_chandef(rdev, info->extack, info->attrs,
3957 iftype == NL80211_IFTYPE_MONITOR,
3958 &chandef);
3959 if (result)
3960 return result;
3961
3962 switch (iftype) {
3963 case NL80211_IFTYPE_AP:
3964 case NL80211_IFTYPE_P2P_GO:
3965 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
3966 iftype))
3967 return -EINVAL;
3968 if (wdev->links[link_id].ap.beacon_interval) {
3969 struct ieee80211_channel *cur_chan;
3970
3971 if (!dev || !rdev->ops->set_ap_chanwidth ||
3972 !(rdev->wiphy.features &
3973 NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE))
3974 return -EBUSY;
3975
3976 /* Only allow dynamic channel width changes */
3977 cur_chan = wdev->links[link_id].ap.chandef.chan;
3978 if (chandef.chan != cur_chan)
3979 return -EBUSY;
3980
3981 /* only allow this for regular channel widths */
3982 switch (wdev->links[link_id].ap.chandef.width) {
3983 case NL80211_CHAN_WIDTH_20_NOHT:
3984 case NL80211_CHAN_WIDTH_20:
3985 case NL80211_CHAN_WIDTH_40:
3986 case NL80211_CHAN_WIDTH_80:
3987 case NL80211_CHAN_WIDTH_80P80:
3988 case NL80211_CHAN_WIDTH_160:
3989 case NL80211_CHAN_WIDTH_320:
3990 break;
3991 default:
3992 return -EINVAL;
3993 }
3994
3995 switch (chandef.width) {
3996 case NL80211_CHAN_WIDTH_20_NOHT:
3997 case NL80211_CHAN_WIDTH_20:
3998 case NL80211_CHAN_WIDTH_40:
3999 case NL80211_CHAN_WIDTH_80:
4000 case NL80211_CHAN_WIDTH_80P80:
4001 case NL80211_CHAN_WIDTH_160:
4002 case NL80211_CHAN_WIDTH_320:
4003 break;
4004 default:
4005 return -EINVAL;
4006 }
4007
4008 result = rdev_set_ap_chanwidth(rdev, dev, link_id,
4009 &chandef);
4010 if (result)
4011 return result;
4012 wdev->links[link_id].ap.chandef = chandef;
4013 } else {
4014 wdev->u.ap.preset_chandef = chandef;
4015 }
4016 return 0;
4017 case NL80211_IFTYPE_MESH_POINT:
4018 return cfg80211_set_mesh_channel(rdev, wdev, &chandef);
4019 case NL80211_IFTYPE_MONITOR:
4020 return cfg80211_set_monitor_channel(rdev, dev, &chandef);
4021 default:
4022 break;
4023 }
4024
4025 return -EINVAL;
4026 }
4027
nl80211_set_channel(struct sk_buff * skb,struct genl_info * info)4028 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
4029 {
4030 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4031 int link_id = nl80211_link_id_or_invalid(info->attrs);
4032 struct net_device *netdev = info->user_ptr[1];
4033
4034 return __nl80211_set_channel(rdev, netdev, info, link_id);
4035 }
4036
nl80211_set_wiphy_radio(struct genl_info * info,struct cfg80211_registered_device * rdev,int radio_idx)4037 static int nl80211_set_wiphy_radio(struct genl_info *info,
4038 struct cfg80211_registered_device *rdev,
4039 int radio_idx)
4040 {
4041 u32 rts_threshold = 0, old_rts, changed = 0;
4042 int result;
4043
4044 if (!rdev->ops->set_wiphy_params)
4045 return -EOPNOTSUPP;
4046
4047 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
4048 rts_threshold = nla_get_u32(
4049 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
4050 changed |= WIPHY_PARAM_RTS_THRESHOLD;
4051 }
4052
4053 old_rts = rdev->wiphy.radio_cfg[radio_idx].rts_threshold;
4054
4055 rdev->wiphy.radio_cfg[radio_idx].rts_threshold = rts_threshold;
4056
4057 result = rdev_set_wiphy_params(rdev, radio_idx, changed);
4058 if (result)
4059 rdev->wiphy.radio_cfg[radio_idx].rts_threshold = old_rts;
4060
4061 return 0;
4062 }
4063
nl80211_set_wiphy(struct sk_buff * skb,struct genl_info * info)4064 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
4065 {
4066 struct cfg80211_registered_device *rdev = NULL;
4067 struct net_device *netdev = NULL;
4068 struct wireless_dev *wdev;
4069 int result = 0, rem_txq_params = 0;
4070 struct nlattr *nl_txq_params;
4071 u32 changed;
4072 u8 retry_short = 0, retry_long = 0;
4073 u32 frag_threshold = 0, rts_threshold = 0;
4074 u8 coverage_class = 0;
4075 u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
4076 int radio_idx = -1;
4077
4078 rtnl_lock();
4079 /*
4080 * Try to find the wiphy and netdev. Normally this
4081 * function shouldn't need the netdev, but this is
4082 * done for backward compatibility -- previously
4083 * setting the channel was done per wiphy, but now
4084 * it is per netdev. Previous userland like hostapd
4085 * also passed a netdev to set_wiphy, so that it is
4086 * possible to let that go to the right netdev!
4087 */
4088
4089 if (info->attrs[NL80211_ATTR_IFINDEX]) {
4090 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
4091
4092 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
4093 if (netdev && netdev->ieee80211_ptr)
4094 rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
4095 else
4096 netdev = NULL;
4097 }
4098
4099 if (!netdev) {
4100 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
4101 info->attrs);
4102 if (IS_ERR(rdev)) {
4103 rtnl_unlock();
4104 return PTR_ERR(rdev);
4105 }
4106 wdev = NULL;
4107 netdev = NULL;
4108 result = 0;
4109 } else
4110 wdev = netdev->ieee80211_ptr;
4111
4112 guard(wiphy)(&rdev->wiphy);
4113
4114 /*
4115 * end workaround code, by now the rdev is available
4116 * and locked, and wdev may or may not be NULL.
4117 */
4118
4119 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
4120 result = cfg80211_dev_rename(
4121 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
4122 rtnl_unlock();
4123
4124 if (result)
4125 return result;
4126
4127 if (info->attrs[NL80211_ATTR_WIPHY_RADIO_INDEX]) {
4128 /* Radio idx is not expected for non-multi radio wiphy */
4129 if (rdev->wiphy.n_radio <= 0)
4130 return -EINVAL;
4131
4132 radio_idx = nla_get_u8(
4133 info->attrs[NL80211_ATTR_WIPHY_RADIO_INDEX]);
4134 if (radio_idx >= rdev->wiphy.n_radio)
4135 return -EINVAL;
4136
4137 return nl80211_set_wiphy_radio(info, rdev, radio_idx);
4138 }
4139
4140 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
4141 struct ieee80211_txq_params txq_params;
4142 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
4143
4144 if (!rdev->ops->set_txq_params)
4145 return -EOPNOTSUPP;
4146
4147 if (!netdev)
4148 return -EINVAL;
4149
4150 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4151 netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4152 return -EINVAL;
4153
4154 if (!netif_running(netdev))
4155 return -ENETDOWN;
4156
4157 nla_for_each_nested(nl_txq_params,
4158 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
4159 rem_txq_params) {
4160 result = nla_parse_nested_deprecated(tb,
4161 NL80211_TXQ_ATTR_MAX,
4162 nl_txq_params,
4163 txq_params_policy,
4164 info->extack);
4165 if (result)
4166 return result;
4167
4168 result = parse_txq_params(tb, &txq_params);
4169 if (result)
4170 return result;
4171
4172 txq_params.link_id =
4173 nl80211_link_id_or_invalid(info->attrs);
4174
4175 if (txq_params.link_id >= 0 &&
4176 !(netdev->ieee80211_ptr->valid_links &
4177 BIT(txq_params.link_id)))
4178 result = -ENOLINK;
4179 else if (txq_params.link_id >= 0 &&
4180 !netdev->ieee80211_ptr->valid_links)
4181 result = -EINVAL;
4182 else
4183 result = rdev_set_txq_params(rdev, netdev,
4184 &txq_params);
4185 if (result)
4186 return result;
4187 }
4188 }
4189
4190 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4191 int link_id = nl80211_link_id_or_invalid(info->attrs);
4192
4193 if (wdev) {
4194 result = __nl80211_set_channel(
4195 rdev,
4196 nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
4197 info, link_id);
4198 } else {
4199 result = __nl80211_set_channel(rdev, netdev, info, link_id);
4200 }
4201
4202 if (result)
4203 return result;
4204 }
4205
4206 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
4207 struct wireless_dev *txp_wdev = wdev;
4208 enum nl80211_tx_power_setting type;
4209 int idx, mbm = 0;
4210
4211 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
4212 txp_wdev = NULL;
4213
4214 if (!rdev->ops->set_tx_power)
4215 return -EOPNOTSUPP;
4216
4217 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
4218 type = nla_get_u32(info->attrs[idx]);
4219
4220 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
4221 (type != NL80211_TX_POWER_AUTOMATIC))
4222 return -EINVAL;
4223
4224 if (type != NL80211_TX_POWER_AUTOMATIC) {
4225 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
4226 mbm = nla_get_u32(info->attrs[idx]);
4227 }
4228
4229 result = rdev_set_tx_power(rdev, txp_wdev, radio_idx, type,
4230 mbm);
4231 if (result)
4232 return result;
4233 }
4234
4235 if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
4236 info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
4237 u32 tx_ant, rx_ant;
4238
4239 if ((!rdev->wiphy.available_antennas_tx &&
4240 !rdev->wiphy.available_antennas_rx) ||
4241 !rdev->ops->set_antenna)
4242 return -EOPNOTSUPP;
4243
4244 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
4245 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
4246
4247 /* reject antenna configurations which don't match the
4248 * available antenna masks, except for the "all" mask */
4249 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
4250 (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
4251 return -EINVAL;
4252
4253 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
4254 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
4255
4256 result = rdev_set_antenna(rdev, radio_idx, tx_ant, rx_ant);
4257 if (result)
4258 return result;
4259 }
4260
4261 changed = 0;
4262
4263 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
4264 retry_short = nla_get_u8(
4265 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
4266
4267 changed |= WIPHY_PARAM_RETRY_SHORT;
4268 }
4269
4270 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
4271 retry_long = nla_get_u8(
4272 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
4273
4274 changed |= WIPHY_PARAM_RETRY_LONG;
4275 }
4276
4277 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
4278 frag_threshold = nla_get_u32(
4279 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
4280 if (frag_threshold < 256)
4281 return -EINVAL;
4282
4283 if (frag_threshold != (u32) -1) {
4284 /*
4285 * Fragments (apart from the last one) are required to
4286 * have even length. Make the fragmentation code
4287 * simpler by stripping LSB should someone try to use
4288 * odd threshold value.
4289 */
4290 frag_threshold &= ~0x1;
4291 }
4292 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
4293 }
4294
4295 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
4296 rts_threshold = nla_get_u32(
4297 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
4298 changed |= WIPHY_PARAM_RTS_THRESHOLD;
4299 }
4300
4301 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
4302 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
4303 return -EINVAL;
4304
4305 coverage_class = nla_get_u8(
4306 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
4307 changed |= WIPHY_PARAM_COVERAGE_CLASS;
4308 }
4309
4310 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
4311 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
4312 return -EOPNOTSUPP;
4313
4314 changed |= WIPHY_PARAM_DYN_ACK;
4315 }
4316
4317 if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
4318 if (!wiphy_ext_feature_isset(&rdev->wiphy,
4319 NL80211_EXT_FEATURE_TXQS))
4320 return -EOPNOTSUPP;
4321
4322 txq_limit = nla_get_u32(
4323 info->attrs[NL80211_ATTR_TXQ_LIMIT]);
4324 changed |= WIPHY_PARAM_TXQ_LIMIT;
4325 }
4326
4327 if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
4328 if (!wiphy_ext_feature_isset(&rdev->wiphy,
4329 NL80211_EXT_FEATURE_TXQS))
4330 return -EOPNOTSUPP;
4331
4332 txq_memory_limit = nla_get_u32(
4333 info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
4334 changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
4335 }
4336
4337 if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
4338 if (!wiphy_ext_feature_isset(&rdev->wiphy,
4339 NL80211_EXT_FEATURE_TXQS))
4340 return -EOPNOTSUPP;
4341
4342 txq_quantum = nla_get_u32(
4343 info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
4344 changed |= WIPHY_PARAM_TXQ_QUANTUM;
4345 }
4346
4347 if (changed) {
4348 u8 old_retry_short, old_retry_long;
4349 u32 old_frag_threshold, old_rts_threshold;
4350 u8 old_coverage_class, i;
4351 u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
4352 u32 *old_radio_rts_threshold = NULL;
4353
4354 if (!rdev->ops->set_wiphy_params)
4355 return -EOPNOTSUPP;
4356
4357 if (rdev->wiphy.n_radio) {
4358 old_radio_rts_threshold = kcalloc(rdev->wiphy.n_radio,
4359 sizeof(u32),
4360 GFP_KERNEL);
4361 if (!old_radio_rts_threshold)
4362 return -ENOMEM;
4363 }
4364
4365 old_retry_short = rdev->wiphy.retry_short;
4366 old_retry_long = rdev->wiphy.retry_long;
4367 old_frag_threshold = rdev->wiphy.frag_threshold;
4368 old_rts_threshold = rdev->wiphy.rts_threshold;
4369 if (old_radio_rts_threshold) {
4370 for (i = 0 ; i < rdev->wiphy.n_radio; i++)
4371 old_radio_rts_threshold[i] =
4372 rdev->wiphy.radio_cfg[i].rts_threshold;
4373 }
4374 old_coverage_class = rdev->wiphy.coverage_class;
4375 old_txq_limit = rdev->wiphy.txq_limit;
4376 old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
4377 old_txq_quantum = rdev->wiphy.txq_quantum;
4378
4379 if (changed & WIPHY_PARAM_RETRY_SHORT)
4380 rdev->wiphy.retry_short = retry_short;
4381 if (changed & WIPHY_PARAM_RETRY_LONG)
4382 rdev->wiphy.retry_long = retry_long;
4383 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
4384 rdev->wiphy.frag_threshold = frag_threshold;
4385 if ((changed & WIPHY_PARAM_RTS_THRESHOLD) &&
4386 old_radio_rts_threshold) {
4387 rdev->wiphy.rts_threshold = rts_threshold;
4388 for (i = 0 ; i < rdev->wiphy.n_radio; i++)
4389 rdev->wiphy.radio_cfg[i].rts_threshold =
4390 rdev->wiphy.rts_threshold;
4391 }
4392 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
4393 rdev->wiphy.coverage_class = coverage_class;
4394 if (changed & WIPHY_PARAM_TXQ_LIMIT)
4395 rdev->wiphy.txq_limit = txq_limit;
4396 if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
4397 rdev->wiphy.txq_memory_limit = txq_memory_limit;
4398 if (changed & WIPHY_PARAM_TXQ_QUANTUM)
4399 rdev->wiphy.txq_quantum = txq_quantum;
4400
4401 result = rdev_set_wiphy_params(rdev, radio_idx, changed);
4402 if (result) {
4403 rdev->wiphy.retry_short = old_retry_short;
4404 rdev->wiphy.retry_long = old_retry_long;
4405 rdev->wiphy.frag_threshold = old_frag_threshold;
4406 rdev->wiphy.rts_threshold = old_rts_threshold;
4407 if (old_radio_rts_threshold) {
4408 for (i = 0 ; i < rdev->wiphy.n_radio; i++)
4409 rdev->wiphy.radio_cfg[i].rts_threshold =
4410 old_radio_rts_threshold[i];
4411 }
4412 rdev->wiphy.coverage_class = old_coverage_class;
4413 rdev->wiphy.txq_limit = old_txq_limit;
4414 rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
4415 rdev->wiphy.txq_quantum = old_txq_quantum;
4416 }
4417
4418 kfree(old_radio_rts_threshold);
4419 return result;
4420 }
4421
4422 return 0;
4423 }
4424
nl80211_send_chandef(struct sk_buff * msg,const struct cfg80211_chan_def * chandef)4425 int nl80211_send_chandef(struct sk_buff *msg, const struct cfg80211_chan_def *chandef)
4426 {
4427 if (WARN_ON(!cfg80211_chandef_valid(chandef)))
4428 return -EINVAL;
4429
4430 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
4431 chandef->chan->center_freq))
4432 return -ENOBUFS;
4433 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
4434 chandef->chan->freq_offset))
4435 return -ENOBUFS;
4436 switch (chandef->width) {
4437 case NL80211_CHAN_WIDTH_20_NOHT:
4438 case NL80211_CHAN_WIDTH_20:
4439 case NL80211_CHAN_WIDTH_40:
4440 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
4441 cfg80211_get_chandef_type(chandef)))
4442 return -ENOBUFS;
4443 break;
4444 default:
4445 break;
4446 }
4447 if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
4448 return -ENOBUFS;
4449 if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
4450 return -ENOBUFS;
4451 if (chandef->center_freq2 &&
4452 nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
4453 return -ENOBUFS;
4454 if (chandef->punctured &&
4455 nla_put_u32(msg, NL80211_ATTR_PUNCT_BITMAP, chandef->punctured))
4456 return -ENOBUFS;
4457 if (chandef->s1g_primary_2mhz &&
4458 nla_put_flag(msg, NL80211_ATTR_S1G_PRIMARY_2MHZ))
4459 return -ENOBUFS;
4460
4461 return 0;
4462 }
4463 EXPORT_SYMBOL(nl80211_send_chandef);
4464
nl80211_send_iface(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,enum nl80211_commands cmd)4465 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
4466 struct cfg80211_registered_device *rdev,
4467 struct wireless_dev *wdev,
4468 enum nl80211_commands cmd)
4469 {
4470 struct net_device *dev = wdev->netdev;
4471 void *hdr;
4472
4473 lockdep_assert_wiphy(&rdev->wiphy);
4474
4475 WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
4476 cmd != NL80211_CMD_DEL_INTERFACE &&
4477 cmd != NL80211_CMD_SET_INTERFACE);
4478
4479 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
4480 if (!hdr)
4481 return -1;
4482
4483 if (dev &&
4484 (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4485 nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
4486 goto nla_put_failure;
4487
4488 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
4489 nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
4490 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
4491 NL80211_ATTR_PAD) ||
4492 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
4493 nla_put_u32(msg, NL80211_ATTR_GENERATION,
4494 rdev->devlist_generation ^
4495 (cfg80211_rdev_list_generation << 2)) ||
4496 nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr) ||
4497 nla_put_u32(msg, NL80211_ATTR_VIF_RADIO_MASK, wdev->radio_mask))
4498 goto nla_put_failure;
4499
4500 if (rdev->ops->get_channel && !wdev->valid_links) {
4501 struct cfg80211_chan_def chandef = {};
4502 int ret;
4503
4504 ret = rdev_get_channel(rdev, wdev, 0, &chandef);
4505 if (ret == 0 && nl80211_send_chandef(msg, &chandef))
4506 goto nla_put_failure;
4507 }
4508
4509 if (rdev->ops->get_tx_power && !wdev->valid_links) {
4510 int dbm, ret;
4511
4512 ret = rdev_get_tx_power(rdev, wdev, -1, 0, &dbm);
4513 if (ret == 0 &&
4514 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
4515 DBM_TO_MBM(dbm)))
4516 goto nla_put_failure;
4517 }
4518
4519 switch (wdev->iftype) {
4520 case NL80211_IFTYPE_AP:
4521 case NL80211_IFTYPE_P2P_GO:
4522 if (wdev->u.ap.ssid_len &&
4523 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ap.ssid_len,
4524 wdev->u.ap.ssid))
4525 goto nla_put_failure;
4526 break;
4527 case NL80211_IFTYPE_STATION:
4528 case NL80211_IFTYPE_P2P_CLIENT:
4529 if (wdev->u.client.ssid_len &&
4530 nla_put(msg, NL80211_ATTR_SSID, wdev->u.client.ssid_len,
4531 wdev->u.client.ssid))
4532 goto nla_put_failure;
4533 break;
4534 case NL80211_IFTYPE_ADHOC:
4535 if (wdev->u.ibss.ssid_len &&
4536 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ibss.ssid_len,
4537 wdev->u.ibss.ssid))
4538 goto nla_put_failure;
4539 break;
4540 default:
4541 /* nothing */
4542 break;
4543 }
4544
4545 if (rdev->ops->get_txq_stats) {
4546 struct cfg80211_txq_stats txqstats = {};
4547 int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
4548
4549 if (ret == 0 &&
4550 !nl80211_put_txq_stats(msg, &txqstats,
4551 NL80211_ATTR_TXQ_STATS))
4552 goto nla_put_failure;
4553 }
4554
4555 if (wdev->valid_links) {
4556 unsigned int link_id;
4557 struct nlattr *links = nla_nest_start(msg,
4558 NL80211_ATTR_MLO_LINKS);
4559
4560 if (!links)
4561 goto nla_put_failure;
4562
4563 for_each_valid_link(wdev, link_id) {
4564 struct nlattr *link = nla_nest_start(msg, link_id + 1);
4565 struct cfg80211_chan_def chandef = {};
4566 int ret;
4567
4568 if (!link)
4569 goto nla_put_failure;
4570
4571 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
4572 goto nla_put_failure;
4573 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
4574 wdev->links[link_id].addr))
4575 goto nla_put_failure;
4576
4577 ret = rdev_get_channel(rdev, wdev, link_id, &chandef);
4578 if (ret == 0 && nl80211_send_chandef(msg, &chandef))
4579 goto nla_put_failure;
4580
4581 if (rdev->ops->get_tx_power) {
4582 int dbm, ret;
4583
4584 ret = rdev_get_tx_power(rdev, wdev, -1, link_id, &dbm);
4585 if (ret == 0 &&
4586 nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
4587 DBM_TO_MBM(dbm)))
4588 goto nla_put_failure;
4589 }
4590 nla_nest_end(msg, link);
4591 }
4592
4593 nla_nest_end(msg, links);
4594 }
4595
4596 genlmsg_end(msg, hdr);
4597 return 0;
4598
4599 nla_put_failure:
4600 genlmsg_cancel(msg, hdr);
4601 return -EMSGSIZE;
4602 }
4603
nl80211_dump_interface(struct sk_buff * skb,struct netlink_callback * cb)4604 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
4605 {
4606 int wp_idx = 0;
4607 int if_idx = 0;
4608 int wp_start = cb->args[0];
4609 int if_start = cb->args[1];
4610 int filter_wiphy = -1;
4611 struct cfg80211_registered_device *rdev;
4612 struct wireless_dev *wdev;
4613 int ret;
4614
4615 rtnl_lock();
4616 if (!cb->args[2]) {
4617 struct nl80211_dump_wiphy_state state = {
4618 .filter_wiphy = -1,
4619 };
4620
4621 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
4622 if (ret)
4623 goto out_unlock;
4624
4625 filter_wiphy = state.filter_wiphy;
4626
4627 /*
4628 * if filtering, set cb->args[2] to +1 since 0 is the default
4629 * value needed to determine that parsing is necessary.
4630 */
4631 if (filter_wiphy >= 0)
4632 cb->args[2] = filter_wiphy + 1;
4633 else
4634 cb->args[2] = -1;
4635 } else if (cb->args[2] > 0) {
4636 filter_wiphy = cb->args[2] - 1;
4637 }
4638
4639 for_each_rdev(rdev) {
4640 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
4641 continue;
4642 if (wp_idx < wp_start) {
4643 wp_idx++;
4644 continue;
4645 }
4646
4647 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
4648 continue;
4649
4650 if_idx = 0;
4651
4652 guard(wiphy)(&rdev->wiphy);
4653
4654 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
4655 if (if_idx < if_start) {
4656 if_idx++;
4657 continue;
4658 }
4659
4660 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
4661 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4662 rdev, wdev,
4663 NL80211_CMD_NEW_INTERFACE) < 0)
4664 goto out;
4665
4666 if_idx++;
4667 }
4668
4669 if_start = 0;
4670 wp_idx++;
4671 }
4672 out:
4673 cb->args[0] = wp_idx;
4674 cb->args[1] = if_idx;
4675
4676 ret = skb->len;
4677 out_unlock:
4678 rtnl_unlock();
4679
4680 return ret;
4681 }
4682
nl80211_get_interface(struct sk_buff * skb,struct genl_info * info)4683 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
4684 {
4685 struct sk_buff *msg;
4686 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4687 struct wireless_dev *wdev = info->user_ptr[1];
4688
4689 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4690 if (!msg)
4691 return -ENOMEM;
4692
4693 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
4694 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
4695 nlmsg_free(msg);
4696 return -ENOBUFS;
4697 }
4698
4699 return genlmsg_reply(msg, info);
4700 }
4701
4702 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
4703 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
4704 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
4705 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
4706 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
4707 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
4708 [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
4709 [NL80211_MNTR_FLAG_SKIP_TX] = { .type = NLA_FLAG },
4710 };
4711
parse_monitor_flags(struct nlattr * nla,u32 * mntrflags)4712 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
4713 {
4714 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
4715 int flag;
4716
4717 *mntrflags = 0;
4718
4719 if (!nla)
4720 return -EINVAL;
4721
4722 if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
4723 return -EINVAL;
4724
4725 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
4726 if (flags[flag])
4727 *mntrflags |= (1<<flag);
4728
4729 /* cooked monitor mode is incompatible with other modes */
4730 if (*mntrflags & MONITOR_FLAG_COOK_FRAMES &&
4731 *mntrflags != MONITOR_FLAG_COOK_FRAMES)
4732 return -EOPNOTSUPP;
4733
4734 *mntrflags |= MONITOR_FLAG_CHANGED;
4735
4736 return 0;
4737 }
4738
nl80211_parse_mon_options(struct cfg80211_registered_device * rdev,enum nl80211_iftype type,struct genl_info * info,struct vif_params * params)4739 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
4740 enum nl80211_iftype type,
4741 struct genl_info *info,
4742 struct vif_params *params)
4743 {
4744 bool change = false;
4745 int err;
4746
4747 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
4748 if (type != NL80211_IFTYPE_MONITOR)
4749 return -EINVAL;
4750
4751 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
4752 ¶ms->flags);
4753 if (err)
4754 return err;
4755
4756 change = true;
4757 }
4758
4759 /* MONITOR_FLAG_COOK_FRAMES is deprecated, refuse cooperation */
4760 if (params->flags & MONITOR_FLAG_COOK_FRAMES)
4761 return -EOPNOTSUPP;
4762
4763 if (params->flags & MONITOR_FLAG_ACTIVE &&
4764 !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
4765 return -EOPNOTSUPP;
4766
4767 if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
4768 const u8 *mumimo_groups;
4769 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
4770
4771 if (type != NL80211_IFTYPE_MONITOR)
4772 return -EINVAL;
4773
4774 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
4775 return -EOPNOTSUPP;
4776
4777 mumimo_groups =
4778 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
4779
4780 /* bits 0 and 63 are reserved and must be zero */
4781 if ((mumimo_groups[0] & BIT(0)) ||
4782 (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
4783 return -EINVAL;
4784
4785 params->vht_mumimo_groups = mumimo_groups;
4786 change = true;
4787 }
4788
4789 if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
4790 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
4791
4792 if (type != NL80211_IFTYPE_MONITOR)
4793 return -EINVAL;
4794
4795 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
4796 return -EOPNOTSUPP;
4797
4798 params->vht_mumimo_follow_addr =
4799 nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
4800 change = true;
4801 }
4802
4803 return change ? 1 : 0;
4804 }
4805
nl80211_valid_4addr(struct cfg80211_registered_device * rdev,struct net_device * netdev,u8 use_4addr,enum nl80211_iftype iftype)4806 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
4807 struct net_device *netdev, u8 use_4addr,
4808 enum nl80211_iftype iftype)
4809 {
4810 if (!use_4addr) {
4811 if (netdev && netif_is_bridge_port(netdev))
4812 return -EBUSY;
4813 return 0;
4814 }
4815
4816 switch (iftype) {
4817 case NL80211_IFTYPE_AP_VLAN:
4818 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
4819 return 0;
4820 break;
4821 case NL80211_IFTYPE_STATION:
4822 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
4823 return 0;
4824 break;
4825 default:
4826 break;
4827 }
4828
4829 return -EOPNOTSUPP;
4830 }
4831
nl80211_parse_vif_radio_mask(struct genl_info * info,u32 * radio_mask)4832 static int nl80211_parse_vif_radio_mask(struct genl_info *info,
4833 u32 *radio_mask)
4834 {
4835 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4836 struct nlattr *attr = info->attrs[NL80211_ATTR_VIF_RADIO_MASK];
4837 u32 mask, allowed;
4838
4839 if (!attr) {
4840 *radio_mask = 0;
4841 return 0;
4842 }
4843
4844 allowed = BIT(rdev->wiphy.n_radio) - 1;
4845 mask = nla_get_u32(attr);
4846 if (mask & ~allowed)
4847 return -EINVAL;
4848 if (!mask)
4849 mask = allowed;
4850 *radio_mask = mask;
4851
4852 return 1;
4853 }
4854
nl80211_set_interface(struct sk_buff * skb,struct genl_info * info)4855 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
4856 {
4857 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4858 struct vif_params params;
4859 int err;
4860 enum nl80211_iftype otype, ntype;
4861 struct net_device *dev = info->user_ptr[1];
4862 struct wireless_dev *wdev = dev->ieee80211_ptr;
4863 u32 radio_mask = 0;
4864 bool change = false;
4865
4866 memset(¶ms, 0, sizeof(params));
4867
4868 otype = ntype = dev->ieee80211_ptr->iftype;
4869
4870 if (info->attrs[NL80211_ATTR_IFTYPE]) {
4871 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
4872 if (otype != ntype)
4873 change = true;
4874 }
4875
4876 if (info->attrs[NL80211_ATTR_MESH_ID]) {
4877 if (ntype != NL80211_IFTYPE_MESH_POINT)
4878 return -EINVAL;
4879 if (otype != NL80211_IFTYPE_MESH_POINT)
4880 return -EINVAL;
4881 if (netif_running(dev))
4882 return -EBUSY;
4883
4884 wdev->u.mesh.id_up_len =
4885 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
4886 memcpy(wdev->u.mesh.id,
4887 nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
4888 wdev->u.mesh.id_up_len);
4889 }
4890
4891 if (info->attrs[NL80211_ATTR_4ADDR]) {
4892 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
4893 change = true;
4894 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
4895 if (err)
4896 return err;
4897 } else {
4898 params.use_4addr = -1;
4899 }
4900
4901 err = nl80211_parse_mon_options(rdev, ntype, info, ¶ms);
4902 if (err < 0)
4903 return err;
4904 if (err > 0)
4905 change = true;
4906
4907 err = nl80211_parse_vif_radio_mask(info, &radio_mask);
4908 if (err < 0)
4909 return err;
4910 if (err && netif_running(dev))
4911 return -EBUSY;
4912
4913 if (change)
4914 err = cfg80211_change_iface(rdev, dev, ntype, ¶ms);
4915 else
4916 err = 0;
4917
4918 if (!err && params.use_4addr != -1)
4919 dev->ieee80211_ptr->use_4addr = params.use_4addr;
4920
4921 if (radio_mask)
4922 wdev->radio_mask = radio_mask;
4923
4924 if (change && !err)
4925 nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
4926
4927 return err;
4928 }
4929
_nl80211_new_interface(struct sk_buff * skb,struct genl_info * info)4930 static int _nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
4931 {
4932 struct cfg80211_registered_device *rdev = info->user_ptr[0];
4933 struct vif_params params;
4934 struct wireless_dev *wdev;
4935 struct sk_buff *msg;
4936 u32 radio_mask;
4937 int err;
4938 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
4939
4940 memset(¶ms, 0, sizeof(params));
4941
4942 if (!info->attrs[NL80211_ATTR_IFNAME])
4943 return -EINVAL;
4944
4945 if (info->attrs[NL80211_ATTR_IFTYPE])
4946 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
4947
4948 if (!rdev->ops->add_virtual_intf)
4949 return -EOPNOTSUPP;
4950
4951 if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
4952 rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
4953 info->attrs[NL80211_ATTR_MAC]) {
4954 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
4955 ETH_ALEN);
4956 if (!is_valid_ether_addr(params.macaddr))
4957 return -EADDRNOTAVAIL;
4958 }
4959
4960 if (info->attrs[NL80211_ATTR_4ADDR]) {
4961 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
4962 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
4963 if (err)
4964 return err;
4965 }
4966
4967 if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
4968 return -EOPNOTSUPP;
4969
4970 err = nl80211_parse_mon_options(rdev, type, info, ¶ms);
4971 if (err < 0)
4972 return err;
4973
4974 err = nl80211_parse_vif_radio_mask(info, &radio_mask);
4975 if (err < 0)
4976 return err;
4977
4978 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4979 if (!msg)
4980 return -ENOMEM;
4981
4982 wdev = rdev_add_virtual_intf(rdev,
4983 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
4984 NET_NAME_USER, type, ¶ms);
4985 if (WARN_ON(!wdev)) {
4986 nlmsg_free(msg);
4987 return -EPROTO;
4988 } else if (IS_ERR(wdev)) {
4989 nlmsg_free(msg);
4990 return PTR_ERR(wdev);
4991 }
4992
4993 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
4994 wdev->owner_nlportid = info->snd_portid;
4995
4996 switch (type) {
4997 case NL80211_IFTYPE_MESH_POINT:
4998 if (!info->attrs[NL80211_ATTR_MESH_ID])
4999 break;
5000 wdev->u.mesh.id_up_len =
5001 nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
5002 memcpy(wdev->u.mesh.id,
5003 nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
5004 wdev->u.mesh.id_up_len);
5005 break;
5006 case NL80211_IFTYPE_NAN:
5007 case NL80211_IFTYPE_P2P_DEVICE:
5008 /*
5009 * P2P Device and NAN do not have a netdev, so don't go
5010 * through the netdev notifier and must be added here
5011 */
5012 cfg80211_init_wdev(wdev);
5013 cfg80211_register_wdev(rdev, wdev);
5014 break;
5015 default:
5016 break;
5017 }
5018
5019 if (radio_mask)
5020 wdev->radio_mask = radio_mask;
5021
5022 if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
5023 rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
5024 nlmsg_free(msg);
5025 return -ENOBUFS;
5026 }
5027
5028 return genlmsg_reply(msg, info);
5029 }
5030
nl80211_new_interface(struct sk_buff * skb,struct genl_info * info)5031 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
5032 {
5033 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5034
5035 /* to avoid failing a new interface creation due to pending removal */
5036 cfg80211_destroy_ifaces(rdev);
5037
5038 guard(wiphy)(&rdev->wiphy);
5039
5040 return _nl80211_new_interface(skb, info);
5041 }
5042
nl80211_del_interface(struct sk_buff * skb,struct genl_info * info)5043 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
5044 {
5045 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5046 struct wireless_dev *wdev = info->user_ptr[1];
5047
5048 if (!rdev->ops->del_virtual_intf)
5049 return -EOPNOTSUPP;
5050
5051 /*
5052 * We hold RTNL, so this is safe, without RTNL opencount cannot
5053 * reach 0, and thus the rdev cannot be deleted.
5054 *
5055 * We need to do it for the dev_close(), since that will call
5056 * the netdev notifiers, and we need to acquire the mutex there
5057 * but don't know if we get there from here or from some other
5058 * place (e.g. "ip link set ... down").
5059 */
5060 mutex_unlock(&rdev->wiphy.mtx);
5061
5062 /*
5063 * If we remove a wireless device without a netdev then clear
5064 * user_ptr[1] so that nl80211_post_doit won't dereference it
5065 * to check if it needs to do dev_put(). Otherwise it crashes
5066 * since the wdev has been freed, unlike with a netdev where
5067 * we need the dev_put() for the netdev to really be freed.
5068 */
5069 if (!wdev->netdev)
5070 info->user_ptr[1] = NULL;
5071 else
5072 dev_close(wdev->netdev);
5073
5074 cfg80211_close_dependents(rdev, wdev);
5075
5076 mutex_lock(&rdev->wiphy.mtx);
5077
5078 return cfg80211_remove_virtual_intf(rdev, wdev);
5079 }
5080
nl80211_set_noack_map(struct sk_buff * skb,struct genl_info * info)5081 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
5082 {
5083 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5084 struct net_device *dev = info->user_ptr[1];
5085 u16 noack_map;
5086
5087 if (!info->attrs[NL80211_ATTR_NOACK_MAP])
5088 return -EINVAL;
5089
5090 if (!rdev->ops->set_noack_map)
5091 return -EOPNOTSUPP;
5092
5093 noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
5094
5095 return rdev_set_noack_map(rdev, dev, noack_map);
5096 }
5097
nl80211_validate_key_link_id(struct genl_info * info,struct wireless_dev * wdev,int link_id,bool pairwise)5098 static int nl80211_validate_key_link_id(struct genl_info *info,
5099 struct wireless_dev *wdev,
5100 int link_id, bool pairwise)
5101 {
5102 if (pairwise) {
5103 if (link_id != -1) {
5104 GENL_SET_ERR_MSG(info,
5105 "link ID not allowed for pairwise key");
5106 return -EINVAL;
5107 }
5108
5109 return 0;
5110 }
5111
5112 if (wdev->valid_links) {
5113 if (link_id == -1) {
5114 GENL_SET_ERR_MSG(info,
5115 "link ID must for MLO group key");
5116 return -EINVAL;
5117 }
5118 if (!(wdev->valid_links & BIT(link_id))) {
5119 GENL_SET_ERR_MSG(info, "invalid link ID for MLO group key");
5120 return -EINVAL;
5121 }
5122 } else if (link_id != -1) {
5123 GENL_SET_ERR_MSG(info, "link ID not allowed for non-MLO group key");
5124 return -EINVAL;
5125 }
5126
5127 return 0;
5128 }
5129
5130 struct get_key_cookie {
5131 struct sk_buff *msg;
5132 int error;
5133 int idx;
5134 };
5135
get_key_callback(void * c,struct key_params * params)5136 static void get_key_callback(void *c, struct key_params *params)
5137 {
5138 struct nlattr *key;
5139 struct get_key_cookie *cookie = c;
5140
5141 if ((params->seq &&
5142 nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
5143 params->seq_len, params->seq)) ||
5144 (params->cipher &&
5145 nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
5146 params->cipher)))
5147 goto nla_put_failure;
5148
5149 key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
5150 if (!key)
5151 goto nla_put_failure;
5152
5153 if ((params->seq &&
5154 nla_put(cookie->msg, NL80211_KEY_SEQ,
5155 params->seq_len, params->seq)) ||
5156 (params->cipher &&
5157 nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
5158 params->cipher)))
5159 goto nla_put_failure;
5160
5161 if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
5162 goto nla_put_failure;
5163
5164 nla_nest_end(cookie->msg, key);
5165
5166 return;
5167 nla_put_failure:
5168 cookie->error = 1;
5169 }
5170
nl80211_get_key(struct sk_buff * skb,struct genl_info * info)5171 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
5172 {
5173 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5174 int err;
5175 struct wireless_dev *wdev = info->user_ptr[1];
5176 u8 key_idx = 0;
5177 const u8 *mac_addr = NULL;
5178 bool pairwise;
5179 struct get_key_cookie cookie = {
5180 .error = 0,
5181 };
5182 void *hdr;
5183 struct sk_buff *msg;
5184 bool bigtk_support = false;
5185 int link_id = nl80211_link_id_or_invalid(info->attrs);
5186
5187 if (wiphy_ext_feature_isset(&rdev->wiphy,
5188 NL80211_EXT_FEATURE_BEACON_PROTECTION))
5189 bigtk_support = true;
5190
5191 if ((wdev->iftype == NL80211_IFTYPE_STATION ||
5192 wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) &&
5193 wiphy_ext_feature_isset(&rdev->wiphy,
5194 NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
5195 bigtk_support = true;
5196
5197 if (info->attrs[NL80211_ATTR_KEY_IDX]) {
5198 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
5199
5200 if (key_idx >= 6 && key_idx <= 7 && !bigtk_support) {
5201 GENL_SET_ERR_MSG(info, "BIGTK not supported");
5202 return -EINVAL;
5203 }
5204 }
5205
5206 if (info->attrs[NL80211_ATTR_MAC])
5207 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5208
5209 pairwise = !!mac_addr;
5210 if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
5211 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
5212
5213 if (kt != NL80211_KEYTYPE_GROUP &&
5214 kt != NL80211_KEYTYPE_PAIRWISE)
5215 return -EINVAL;
5216 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
5217 }
5218
5219 if (!rdev->ops->get_key)
5220 return -EOPNOTSUPP;
5221
5222 if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
5223 return -ENOENT;
5224
5225 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5226 if (!msg)
5227 return -ENOMEM;
5228
5229 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5230 NL80211_CMD_NEW_KEY);
5231 if (!hdr)
5232 goto nla_put_failure;
5233
5234 cookie.msg = msg;
5235 cookie.idx = key_idx;
5236
5237 if ((wdev->netdev &&
5238 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) ||
5239 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
5240 NL80211_ATTR_PAD) ||
5241 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
5242 goto nla_put_failure;
5243 if (mac_addr &&
5244 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
5245 goto nla_put_failure;
5246
5247 err = nl80211_validate_key_link_id(info, wdev, link_id, pairwise);
5248 if (err)
5249 goto free_msg;
5250
5251 err = rdev_get_key(rdev, wdev, link_id, key_idx, pairwise, mac_addr,
5252 &cookie, get_key_callback);
5253
5254 if (err)
5255 goto free_msg;
5256
5257 if (cookie.error)
5258 goto nla_put_failure;
5259
5260 genlmsg_end(msg, hdr);
5261 return genlmsg_reply(msg, info);
5262
5263 nla_put_failure:
5264 err = -ENOBUFS;
5265 free_msg:
5266 nlmsg_free(msg);
5267 return err;
5268 }
5269
nl80211_set_key(struct sk_buff * skb,struct genl_info * info)5270 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
5271 {
5272 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5273 struct key_parse key;
5274 int err;
5275 struct wireless_dev *wdev = info->user_ptr[1];
5276 int link_id = nl80211_link_id_or_invalid(info->attrs);
5277
5278 err = nl80211_parse_key(info, &key);
5279 if (err)
5280 return err;
5281
5282 if (key.idx < 0)
5283 return -EINVAL;
5284
5285 /* Only support setting default key and
5286 * Extended Key ID action NL80211_KEY_SET_TX.
5287 */
5288 if (!key.def && !key.defmgmt && !key.defbeacon &&
5289 !(key.p.mode == NL80211_KEY_SET_TX))
5290 return -EINVAL;
5291
5292 if (key.def) {
5293 if (!rdev->ops->set_default_key)
5294 return -EOPNOTSUPP;
5295
5296 if (!wdev->netdev)
5297 return -EINVAL;
5298
5299 err = nl80211_key_allowed(wdev);
5300 if (err)
5301 return err;
5302
5303 err = nl80211_validate_key_link_id(info, wdev, link_id, false);
5304 if (err)
5305 return err;
5306
5307 err = rdev_set_default_key(rdev, wdev->netdev, link_id, key.idx,
5308 key.def_uni, key.def_multi);
5309
5310 if (err)
5311 return err;
5312
5313 #ifdef CONFIG_CFG80211_WEXT
5314 wdev->wext.default_key = key.idx;
5315 #endif
5316 return 0;
5317 } else if (key.defmgmt) {
5318 if (key.def_uni || !key.def_multi)
5319 return -EINVAL;
5320
5321 if (!rdev->ops->set_default_mgmt_key)
5322 return -EOPNOTSUPP;
5323
5324 err = nl80211_key_allowed(wdev);
5325 if (err)
5326 return err;
5327
5328 err = nl80211_validate_key_link_id(info, wdev, link_id, false);
5329 if (err)
5330 return err;
5331
5332 err = rdev_set_default_mgmt_key(rdev, wdev, link_id, key.idx);
5333 if (err)
5334 return err;
5335
5336 #ifdef CONFIG_CFG80211_WEXT
5337 wdev->wext.default_mgmt_key = key.idx;
5338 #endif
5339 return 0;
5340 } else if (key.defbeacon) {
5341 if (key.def_uni || !key.def_multi)
5342 return -EINVAL;
5343
5344 if (!rdev->ops->set_default_beacon_key)
5345 return -EOPNOTSUPP;
5346
5347 err = nl80211_key_allowed(wdev);
5348 if (err)
5349 return err;
5350
5351 err = nl80211_validate_key_link_id(info, wdev, link_id, false);
5352 if (err)
5353 return err;
5354
5355 return rdev_set_default_beacon_key(rdev, wdev, link_id,
5356 key.idx);
5357 } else if (key.p.mode == NL80211_KEY_SET_TX &&
5358 wiphy_ext_feature_isset(&rdev->wiphy,
5359 NL80211_EXT_FEATURE_EXT_KEY_ID)) {
5360 u8 *mac_addr = NULL;
5361
5362 if (info->attrs[NL80211_ATTR_MAC])
5363 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5364
5365 if (!mac_addr || key.idx < 0 || key.idx > 1)
5366 return -EINVAL;
5367
5368 err = nl80211_validate_key_link_id(info, wdev, link_id, true);
5369 if (err)
5370 return err;
5371
5372 return rdev_add_key(rdev, wdev, link_id, key.idx,
5373 NL80211_KEYTYPE_PAIRWISE,
5374 mac_addr, &key.p);
5375 }
5376
5377 return -EINVAL;
5378 }
5379
nl80211_new_key(struct sk_buff * skb,struct genl_info * info)5380 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
5381 {
5382 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5383 int err;
5384 struct wireless_dev *wdev = info->user_ptr[1];
5385 struct key_parse key;
5386 const u8 *mac_addr = NULL;
5387 int link_id = nl80211_link_id_or_invalid(info->attrs);
5388
5389 err = nl80211_parse_key(info, &key);
5390 if (err)
5391 return err;
5392
5393 if (!key.p.key) {
5394 GENL_SET_ERR_MSG(info, "no key");
5395 return -EINVAL;
5396 }
5397
5398 if (info->attrs[NL80211_ATTR_MAC])
5399 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5400
5401 if (key.type == -1) {
5402 if (mac_addr)
5403 key.type = NL80211_KEYTYPE_PAIRWISE;
5404 else
5405 key.type = NL80211_KEYTYPE_GROUP;
5406 }
5407
5408 /* for now */
5409 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
5410 key.type != NL80211_KEYTYPE_GROUP) {
5411 GENL_SET_ERR_MSG(info, "key type not pairwise or group");
5412 return -EINVAL;
5413 }
5414
5415 if (key.type == NL80211_KEYTYPE_GROUP &&
5416 info->attrs[NL80211_ATTR_VLAN_ID])
5417 key.p.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
5418
5419 if (!rdev->ops->add_key)
5420 return -EOPNOTSUPP;
5421
5422 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
5423 key.type == NL80211_KEYTYPE_PAIRWISE,
5424 mac_addr)) {
5425 GENL_SET_ERR_MSG(info, "key setting validation failed");
5426 return -EINVAL;
5427 }
5428
5429 err = nl80211_key_allowed(wdev);
5430 if (err)
5431 GENL_SET_ERR_MSG(info, "key not allowed");
5432
5433 if (!err)
5434 err = nl80211_validate_key_link_id(info, wdev, link_id,
5435 key.type == NL80211_KEYTYPE_PAIRWISE);
5436
5437 if (!err) {
5438 err = rdev_add_key(rdev, wdev, link_id, key.idx,
5439 key.type == NL80211_KEYTYPE_PAIRWISE,
5440 mac_addr, &key.p);
5441 if (err)
5442 GENL_SET_ERR_MSG(info, "key addition failed");
5443 }
5444
5445 return err;
5446 }
5447
nl80211_del_key(struct sk_buff * skb,struct genl_info * info)5448 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
5449 {
5450 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5451 int err;
5452 struct wireless_dev *wdev = info->user_ptr[1];
5453 u8 *mac_addr = NULL;
5454 struct key_parse key;
5455 int link_id = nl80211_link_id_or_invalid(info->attrs);
5456
5457 err = nl80211_parse_key(info, &key);
5458 if (err)
5459 return err;
5460
5461 if (info->attrs[NL80211_ATTR_MAC])
5462 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5463
5464 if (key.type == -1) {
5465 if (mac_addr)
5466 key.type = NL80211_KEYTYPE_PAIRWISE;
5467 else
5468 key.type = NL80211_KEYTYPE_GROUP;
5469 }
5470
5471 /* for now */
5472 if (key.type != NL80211_KEYTYPE_PAIRWISE &&
5473 key.type != NL80211_KEYTYPE_GROUP)
5474 return -EINVAL;
5475
5476 if (!cfg80211_valid_key_idx(rdev, key.idx,
5477 key.type == NL80211_KEYTYPE_PAIRWISE))
5478 return -EINVAL;
5479
5480 if (!rdev->ops->del_key)
5481 return -EOPNOTSUPP;
5482
5483 err = nl80211_key_allowed(wdev);
5484
5485 if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
5486 !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
5487 err = -ENOENT;
5488
5489 if (!err)
5490 err = nl80211_validate_key_link_id(info, wdev, link_id,
5491 key.type == NL80211_KEYTYPE_PAIRWISE);
5492
5493 if (!err)
5494 err = rdev_del_key(rdev, wdev, link_id, key.idx,
5495 key.type == NL80211_KEYTYPE_PAIRWISE,
5496 mac_addr);
5497
5498 #ifdef CONFIG_CFG80211_WEXT
5499 if (!err) {
5500 if (key.idx == wdev->wext.default_key)
5501 wdev->wext.default_key = -1;
5502 else if (key.idx == wdev->wext.default_mgmt_key)
5503 wdev->wext.default_mgmt_key = -1;
5504 }
5505 #endif
5506
5507 return err;
5508 }
5509
5510 /* This function returns an error or the number of nested attributes */
validate_acl_mac_addrs(struct nlattr * nl_attr)5511 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
5512 {
5513 struct nlattr *attr;
5514 int n_entries = 0, tmp;
5515
5516 nla_for_each_nested(attr, nl_attr, tmp) {
5517 if (nla_len(attr) != ETH_ALEN)
5518 return -EINVAL;
5519
5520 n_entries++;
5521 }
5522
5523 return n_entries;
5524 }
5525
5526 /*
5527 * This function parses ACL information and allocates memory for ACL data.
5528 * On successful return, the calling function is responsible to free the
5529 * ACL buffer returned by this function.
5530 */
parse_acl_data(struct wiphy * wiphy,struct genl_info * info)5531 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
5532 struct genl_info *info)
5533 {
5534 enum nl80211_acl_policy acl_policy;
5535 struct nlattr *attr;
5536 struct cfg80211_acl_data *acl;
5537 int i = 0, n_entries, tmp;
5538
5539 if (!wiphy->max_acl_mac_addrs)
5540 return ERR_PTR(-EOPNOTSUPP);
5541
5542 if (!info->attrs[NL80211_ATTR_ACL_POLICY])
5543 return ERR_PTR(-EINVAL);
5544
5545 acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
5546 if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
5547 acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
5548 return ERR_PTR(-EINVAL);
5549
5550 if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
5551 return ERR_PTR(-EINVAL);
5552
5553 n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
5554 if (n_entries < 0)
5555 return ERR_PTR(n_entries);
5556
5557 if (n_entries > wiphy->max_acl_mac_addrs)
5558 return ERR_PTR(-EOPNOTSUPP);
5559
5560 acl = kzalloc_flex(*acl, mac_addrs, n_entries);
5561 if (!acl)
5562 return ERR_PTR(-ENOMEM);
5563 acl->n_acl_entries = n_entries;
5564
5565 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
5566 memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
5567 i++;
5568 }
5569 acl->acl_policy = acl_policy;
5570
5571 return acl;
5572 }
5573
nl80211_set_mac_acl(struct sk_buff * skb,struct genl_info * info)5574 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
5575 {
5576 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5577 struct net_device *dev = info->user_ptr[1];
5578 struct cfg80211_acl_data *acl;
5579 int err;
5580
5581 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5582 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5583 return -EOPNOTSUPP;
5584
5585 if (!dev->ieee80211_ptr->links[0].ap.beacon_interval)
5586 return -EINVAL;
5587
5588 acl = parse_acl_data(&rdev->wiphy, info);
5589 if (IS_ERR(acl))
5590 return PTR_ERR(acl);
5591
5592 err = rdev_set_mac_acl(rdev, dev, acl);
5593
5594 kfree(acl);
5595
5596 return err;
5597 }
5598
rateset_to_mask(struct ieee80211_supported_band * sband,u8 * rates,u8 rates_len)5599 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
5600 u8 *rates, u8 rates_len)
5601 {
5602 u8 i;
5603 u32 mask = 0;
5604
5605 for (i = 0; i < rates_len; i++) {
5606 int rate = (rates[i] & 0x7f) * 5;
5607 int ridx;
5608
5609 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
5610 struct ieee80211_rate *srate =
5611 &sband->bitrates[ridx];
5612 if (rate == srate->bitrate) {
5613 mask |= 1 << ridx;
5614 break;
5615 }
5616 }
5617 if (ridx == sband->n_bitrates)
5618 return 0; /* rate not found */
5619 }
5620
5621 return mask;
5622 }
5623
ht_rateset_to_mask(struct ieee80211_supported_band * sband,u8 * rates,u8 rates_len,u8 mcs[IEEE80211_HT_MCS_MASK_LEN])5624 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
5625 u8 *rates, u8 rates_len,
5626 u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
5627 {
5628 u8 i;
5629
5630 memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
5631
5632 for (i = 0; i < rates_len; i++) {
5633 int ridx, rbit;
5634
5635 ridx = rates[i] / 8;
5636 rbit = BIT(rates[i] % 8);
5637
5638 /* check validity */
5639 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
5640 return false;
5641
5642 /* check availability */
5643 ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
5644 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
5645 mcs[ridx] |= rbit;
5646 else
5647 return false;
5648 }
5649
5650 return true;
5651 }
5652
vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)5653 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
5654 {
5655 u16 mcs_mask = 0;
5656
5657 switch (vht_mcs_map) {
5658 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
5659 break;
5660 case IEEE80211_VHT_MCS_SUPPORT_0_7:
5661 mcs_mask = 0x00FF;
5662 break;
5663 case IEEE80211_VHT_MCS_SUPPORT_0_8:
5664 mcs_mask = 0x01FF;
5665 break;
5666 case IEEE80211_VHT_MCS_SUPPORT_0_9:
5667 mcs_mask = 0x03FF;
5668 break;
5669 default:
5670 break;
5671 }
5672
5673 return mcs_mask;
5674 }
5675
vht_build_mcs_mask(u16 vht_mcs_map,u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])5676 static void vht_build_mcs_mask(u16 vht_mcs_map,
5677 u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
5678 {
5679 u8 nss;
5680
5681 for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
5682 vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
5683 vht_mcs_map >>= 2;
5684 }
5685 }
5686
vht_set_mcs_mask(struct ieee80211_supported_band * sband,struct nl80211_txrate_vht * txrate,u16 mcs[NL80211_VHT_NSS_MAX])5687 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
5688 struct nl80211_txrate_vht *txrate,
5689 u16 mcs[NL80211_VHT_NSS_MAX])
5690 {
5691 u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
5692 u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
5693 u8 i;
5694
5695 if (!sband->vht_cap.vht_supported)
5696 return false;
5697
5698 memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
5699
5700 /* Build vht_mcs_mask from VHT capabilities */
5701 vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
5702
5703 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
5704 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
5705 mcs[i] = txrate->mcs[i];
5706 else
5707 return false;
5708 }
5709
5710 return true;
5711 }
5712
he_mcs_map_to_mcs_mask(u8 he_mcs_map)5713 static u16 he_mcs_map_to_mcs_mask(u8 he_mcs_map)
5714 {
5715 switch (he_mcs_map) {
5716 case IEEE80211_HE_MCS_NOT_SUPPORTED:
5717 return 0;
5718 case IEEE80211_HE_MCS_SUPPORT_0_7:
5719 return 0x00FF;
5720 case IEEE80211_HE_MCS_SUPPORT_0_9:
5721 return 0x03FF;
5722 case IEEE80211_HE_MCS_SUPPORT_0_11:
5723 return 0xFFF;
5724 default:
5725 break;
5726 }
5727 return 0;
5728 }
5729
he_build_mcs_mask(u16 he_mcs_map,u16 he_mcs_mask[NL80211_HE_NSS_MAX])5730 static void he_build_mcs_mask(u16 he_mcs_map,
5731 u16 he_mcs_mask[NL80211_HE_NSS_MAX])
5732 {
5733 u8 nss;
5734
5735 for (nss = 0; nss < NL80211_HE_NSS_MAX; nss++) {
5736 he_mcs_mask[nss] = he_mcs_map_to_mcs_mask(he_mcs_map & 0x03);
5737 he_mcs_map >>= 2;
5738 }
5739 }
5740
he_get_txmcsmap(struct genl_info * info,unsigned int link_id,const struct ieee80211_sta_he_cap * he_cap)5741 static u16 he_get_txmcsmap(struct genl_info *info, unsigned int link_id,
5742 const struct ieee80211_sta_he_cap *he_cap)
5743 {
5744 struct net_device *dev = info->user_ptr[1];
5745 struct wireless_dev *wdev = dev->ieee80211_ptr;
5746 struct cfg80211_chan_def *chandef;
5747 __le16 tx_mcs;
5748
5749 chandef = wdev_chandef(wdev, link_id);
5750 if (!chandef) {
5751 /*
5752 * This is probably broken, but we never maintained
5753 * a chandef in these cases, so it always was.
5754 */
5755 return le16_to_cpu(he_cap->he_mcs_nss_supp.tx_mcs_80);
5756 }
5757
5758 switch (chandef->width) {
5759 case NL80211_CHAN_WIDTH_80P80:
5760 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80p80;
5761 break;
5762 case NL80211_CHAN_WIDTH_160:
5763 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_160;
5764 break;
5765 default:
5766 tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80;
5767 break;
5768 }
5769
5770 return le16_to_cpu(tx_mcs);
5771 }
5772
he_set_mcs_mask(struct genl_info * info,struct wireless_dev * wdev,struct ieee80211_supported_band * sband,struct nl80211_txrate_he * txrate,u16 mcs[NL80211_HE_NSS_MAX],unsigned int link_id)5773 static bool he_set_mcs_mask(struct genl_info *info,
5774 struct wireless_dev *wdev,
5775 struct ieee80211_supported_band *sband,
5776 struct nl80211_txrate_he *txrate,
5777 u16 mcs[NL80211_HE_NSS_MAX],
5778 unsigned int link_id)
5779 {
5780 const struct ieee80211_sta_he_cap *he_cap;
5781 u16 tx_mcs_mask[NL80211_HE_NSS_MAX] = {};
5782 u16 tx_mcs_map = 0;
5783 u8 i;
5784
5785 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
5786 if (!he_cap)
5787 return false;
5788
5789 memset(mcs, 0, sizeof(u16) * NL80211_HE_NSS_MAX);
5790
5791 tx_mcs_map = he_get_txmcsmap(info, link_id, he_cap);
5792
5793 /* Build he_mcs_mask from HE capabilities */
5794 he_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
5795
5796 for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
5797 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
5798 mcs[i] = txrate->mcs[i];
5799 else
5800 return false;
5801 }
5802
5803 return true;
5804 }
5805
eht_build_mcs_mask(struct genl_info * info,const struct ieee80211_sta_eht_cap * eht_cap,u8 mcs_nss_len,u16 * mcs_mask)5806 static void eht_build_mcs_mask(struct genl_info *info,
5807 const struct ieee80211_sta_eht_cap *eht_cap,
5808 u8 mcs_nss_len, u16 *mcs_mask)
5809 {
5810 struct net_device *dev = info->user_ptr[1];
5811 struct wireless_dev *wdev = dev->ieee80211_ptr;
5812 u8 nss, mcs_7 = 0, mcs_9 = 0, mcs_11 = 0, mcs_13 = 0;
5813 unsigned int link_id = nl80211_link_id(info->attrs);
5814
5815 if (mcs_nss_len == 4) {
5816 const struct ieee80211_eht_mcs_nss_supp_20mhz_only *mcs =
5817 &eht_cap->eht_mcs_nss_supp.only_20mhz;
5818
5819 mcs_7 = u8_get_bits(mcs->rx_tx_mcs7_max_nss,
5820 IEEE80211_EHT_MCS_NSS_TX);
5821 mcs_9 = u8_get_bits(mcs->rx_tx_mcs9_max_nss,
5822 IEEE80211_EHT_MCS_NSS_TX);
5823 mcs_11 = u8_get_bits(mcs->rx_tx_mcs11_max_nss,
5824 IEEE80211_EHT_MCS_NSS_TX);
5825 mcs_13 = u8_get_bits(mcs->rx_tx_mcs13_max_nss,
5826 IEEE80211_EHT_MCS_NSS_TX);
5827
5828 } else {
5829 const struct ieee80211_eht_mcs_nss_supp_bw *mcs;
5830 enum nl80211_chan_width width;
5831
5832 switch (wdev->iftype) {
5833 case NL80211_IFTYPE_ADHOC:
5834 width = wdev->u.ibss.chandef.width;
5835 break;
5836 case NL80211_IFTYPE_MESH_POINT:
5837 width = wdev->u.mesh.chandef.width;
5838 break;
5839 case NL80211_IFTYPE_OCB:
5840 width = wdev->u.ocb.chandef.width;
5841 break;
5842 default:
5843 if (wdev->valid_links)
5844 width = wdev->links[link_id].ap.chandef.width;
5845 else
5846 width = wdev->u.ap.preset_chandef.width;
5847 break;
5848 }
5849
5850 switch (width) {
5851 case NL80211_CHAN_WIDTH_320:
5852 mcs = &eht_cap->eht_mcs_nss_supp.bw._320;
5853 break;
5854 case NL80211_CHAN_WIDTH_160:
5855 mcs = &eht_cap->eht_mcs_nss_supp.bw._160;
5856 break;
5857 default:
5858 mcs = &eht_cap->eht_mcs_nss_supp.bw._80;
5859 break;
5860 }
5861
5862 mcs_7 = u8_get_bits(mcs->rx_tx_mcs9_max_nss,
5863 IEEE80211_EHT_MCS_NSS_TX);
5864 mcs_9 = u8_get_bits(mcs->rx_tx_mcs9_max_nss,
5865 IEEE80211_EHT_MCS_NSS_TX);
5866 mcs_11 = u8_get_bits(mcs->rx_tx_mcs11_max_nss,
5867 IEEE80211_EHT_MCS_NSS_TX);
5868 mcs_13 = u8_get_bits(mcs->rx_tx_mcs13_max_nss,
5869 IEEE80211_EHT_MCS_NSS_TX);
5870 }
5871
5872 /* Enable MCS 14 for NSS 0 */
5873 if (eht_cap->eht_cap_elem.phy_cap_info[6] &
5874 IEEE80211_EHT_PHY_CAP6_EHT_DUP_6GHZ_SUPP)
5875 mcs_mask[0] |= 0x4000;
5876
5877 /* Enable MCS 15 for NSS 0 */
5878 mcs_mask[0] |= 0x8000;
5879
5880 for (nss = 0; nss < NL80211_EHT_NSS_MAX; nss++) {
5881 if (!mcs_7)
5882 continue;
5883 mcs_mask[nss] |= 0x00FF;
5884 mcs_7--;
5885
5886 if (!mcs_9)
5887 continue;
5888 mcs_mask[nss] |= 0x0300;
5889 mcs_9--;
5890
5891 if (!mcs_11)
5892 continue;
5893 mcs_mask[nss] |= 0x0C00;
5894 mcs_11--;
5895
5896 if (!mcs_13)
5897 continue;
5898 mcs_mask[nss] |= 0x3000;
5899 mcs_13--;
5900 }
5901 }
5902
eht_set_mcs_mask(struct genl_info * info,struct wireless_dev * wdev,struct ieee80211_supported_band * sband,struct nl80211_txrate_eht * txrate,u16 mcs[NL80211_EHT_NSS_MAX])5903 static bool eht_set_mcs_mask(struct genl_info *info, struct wireless_dev *wdev,
5904 struct ieee80211_supported_band *sband,
5905 struct nl80211_txrate_eht *txrate,
5906 u16 mcs[NL80211_EHT_NSS_MAX])
5907 {
5908 const struct ieee80211_sta_he_cap *he_cap;
5909 const struct ieee80211_sta_eht_cap *eht_cap;
5910 u16 tx_mcs_mask[NL80211_EHT_NSS_MAX] = { 0 };
5911 u8 i, mcs_nss_len;
5912
5913 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
5914 if (!he_cap)
5915 return false;
5916
5917 eht_cap = ieee80211_get_eht_iftype_cap(sband, wdev->iftype);
5918 if (!eht_cap)
5919 return false;
5920
5921 /* Checks for MCS 14 */
5922 if (txrate->mcs[0] & 0x4000) {
5923 if (sband->band != NL80211_BAND_6GHZ)
5924 return false;
5925
5926 if (!(eht_cap->eht_cap_elem.phy_cap_info[6] &
5927 IEEE80211_EHT_PHY_CAP6_EHT_DUP_6GHZ_SUPP))
5928 return false;
5929 }
5930
5931 mcs_nss_len = ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem,
5932 &eht_cap->eht_cap_elem,
5933 wdev->iftype ==
5934 NL80211_IFTYPE_STATION);
5935
5936 if (mcs_nss_len == 3) {
5937 /* Supported iftypes for setting non-20 MHZ only EHT MCS */
5938 switch (wdev->iftype) {
5939 case NL80211_IFTYPE_ADHOC:
5940 case NL80211_IFTYPE_AP:
5941 case NL80211_IFTYPE_P2P_GO:
5942 case NL80211_IFTYPE_MESH_POINT:
5943 case NL80211_IFTYPE_OCB:
5944 break;
5945 default:
5946 return false;
5947 }
5948 }
5949
5950 /* Build eht_mcs_mask from EHT and HE capabilities */
5951 eht_build_mcs_mask(info, eht_cap, mcs_nss_len, tx_mcs_mask);
5952
5953 memset(mcs, 0, sizeof(u16) * NL80211_EHT_NSS_MAX);
5954 for (i = 0; i < NL80211_EHT_NSS_MAX; i++) {
5955 if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
5956 mcs[i] = txrate->mcs[i];
5957 else
5958 return false;
5959 }
5960
5961 return true;
5962 }
5963
nl80211_parse_tx_bitrate_mask(struct genl_info * info,struct nlattr * attrs[],enum nl80211_attrs attr,struct cfg80211_bitrate_mask * mask,struct net_device * dev,bool default_all_enabled,unsigned int link_id)5964 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
5965 struct nlattr *attrs[],
5966 enum nl80211_attrs attr,
5967 struct cfg80211_bitrate_mask *mask,
5968 struct net_device *dev,
5969 bool default_all_enabled,
5970 unsigned int link_id)
5971 {
5972 struct nlattr *tb[NL80211_TXRATE_MAX + 1];
5973 struct cfg80211_registered_device *rdev = info->user_ptr[0];
5974 struct wireless_dev *wdev = dev->ieee80211_ptr;
5975 int rem, i;
5976 struct nlattr *tx_rates;
5977 struct ieee80211_supported_band *sband;
5978 u16 vht_tx_mcs_map, he_tx_mcs_map;
5979
5980 memset(mask, 0, sizeof(*mask));
5981 /* Default to all rates enabled */
5982 for (i = 0; i < NUM_NL80211_BANDS; i++) {
5983 const struct ieee80211_sta_he_cap *he_cap;
5984 const struct ieee80211_sta_eht_cap *eht_cap;
5985 u8 mcs_nss_len;
5986
5987 if (!default_all_enabled)
5988 break;
5989
5990 sband = rdev->wiphy.bands[i];
5991
5992 if (!sband)
5993 continue;
5994
5995 mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
5996 memcpy(mask->control[i].ht_mcs,
5997 sband->ht_cap.mcs.rx_mask,
5998 sizeof(mask->control[i].ht_mcs));
5999
6000 if (sband->vht_cap.vht_supported) {
6001 vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
6002 vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
6003 }
6004
6005 he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
6006 if (!he_cap)
6007 continue;
6008
6009 he_tx_mcs_map = he_get_txmcsmap(info, link_id, he_cap);
6010 he_build_mcs_mask(he_tx_mcs_map, mask->control[i].he_mcs);
6011
6012 mask->control[i].he_gi = 0xFF;
6013 mask->control[i].he_ltf = 0xFF;
6014
6015 eht_cap = ieee80211_get_eht_iftype_cap(sband, wdev->iftype);
6016 if (!eht_cap)
6017 continue;
6018
6019 mcs_nss_len = ieee80211_eht_mcs_nss_size(&he_cap->he_cap_elem,
6020 &eht_cap->eht_cap_elem,
6021 wdev->iftype ==
6022 NL80211_IFTYPE_STATION);
6023
6024 eht_build_mcs_mask(info, eht_cap, mcs_nss_len,
6025 mask->control[i].eht_mcs);
6026
6027 mask->control[i].eht_gi = 0xFF;
6028 mask->control[i].eht_ltf = 0xFF;
6029 }
6030
6031 /* if no rates are given set it back to the defaults */
6032 if (!attrs[attr])
6033 goto out;
6034
6035 /* The nested attribute uses enum nl80211_band as the index. This maps
6036 * directly to the enum nl80211_band values used in cfg80211.
6037 */
6038 BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
6039 nla_for_each_nested(tx_rates, attrs[attr], rem) {
6040 int band = nla_type(tx_rates);
6041 int err;
6042
6043 if (band < 0 || band >= NUM_NL80211_BANDS)
6044 return -EINVAL;
6045 sband = rdev->wiphy.bands[band];
6046 if (sband == NULL)
6047 return -EINVAL;
6048 err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
6049 tx_rates,
6050 nl80211_txattr_policy,
6051 info->extack);
6052 if (err)
6053 return err;
6054 if (tb[NL80211_TXRATE_LEGACY]) {
6055 mask->control[band].legacy = rateset_to_mask(
6056 sband,
6057 nla_data(tb[NL80211_TXRATE_LEGACY]),
6058 nla_len(tb[NL80211_TXRATE_LEGACY]));
6059 if ((mask->control[band].legacy == 0) &&
6060 nla_len(tb[NL80211_TXRATE_LEGACY]))
6061 return -EINVAL;
6062 }
6063 if (tb[NL80211_TXRATE_HT]) {
6064 if (!ht_rateset_to_mask(
6065 sband,
6066 nla_data(tb[NL80211_TXRATE_HT]),
6067 nla_len(tb[NL80211_TXRATE_HT]),
6068 mask->control[band].ht_mcs))
6069 return -EINVAL;
6070 }
6071
6072 if (tb[NL80211_TXRATE_VHT]) {
6073 if (!vht_set_mcs_mask(
6074 sband,
6075 nla_data(tb[NL80211_TXRATE_VHT]),
6076 mask->control[band].vht_mcs))
6077 return -EINVAL;
6078 }
6079
6080 if (tb[NL80211_TXRATE_GI]) {
6081 mask->control[band].gi =
6082 nla_get_u8(tb[NL80211_TXRATE_GI]);
6083 if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
6084 return -EINVAL;
6085 }
6086 if (tb[NL80211_TXRATE_HE] &&
6087 !he_set_mcs_mask(info, wdev, sband,
6088 nla_data(tb[NL80211_TXRATE_HE]),
6089 mask->control[band].he_mcs,
6090 link_id))
6091 return -EINVAL;
6092
6093 if (tb[NL80211_TXRATE_HE_GI])
6094 mask->control[band].he_gi =
6095 nla_get_u8(tb[NL80211_TXRATE_HE_GI]);
6096 if (tb[NL80211_TXRATE_HE_LTF])
6097 mask->control[band].he_ltf =
6098 nla_get_u8(tb[NL80211_TXRATE_HE_LTF]);
6099
6100 if (tb[NL80211_TXRATE_EHT] &&
6101 !eht_set_mcs_mask(info, wdev, sband,
6102 nla_data(tb[NL80211_TXRATE_EHT]),
6103 mask->control[band].eht_mcs))
6104 return -EINVAL;
6105
6106 if (tb[NL80211_TXRATE_EHT_GI])
6107 mask->control[band].eht_gi =
6108 nla_get_u8(tb[NL80211_TXRATE_EHT_GI]);
6109 if (tb[NL80211_TXRATE_EHT_LTF])
6110 mask->control[band].eht_ltf =
6111 nla_get_u8(tb[NL80211_TXRATE_EHT_LTF]);
6112
6113 if (mask->control[band].legacy == 0) {
6114 /* don't allow empty legacy rates if HT, VHT, HE or EHT
6115 * are not even supported.
6116 */
6117 if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
6118 rdev->wiphy.bands[band]->vht_cap.vht_supported ||
6119 ieee80211_get_he_iftype_cap(sband, wdev->iftype) ||
6120 ieee80211_get_eht_iftype_cap(sband, wdev->iftype)))
6121 return -EINVAL;
6122
6123 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
6124 if (mask->control[band].ht_mcs[i])
6125 goto out;
6126
6127 for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
6128 if (mask->control[band].vht_mcs[i])
6129 goto out;
6130
6131 for (i = 0; i < NL80211_HE_NSS_MAX; i++)
6132 if (mask->control[band].he_mcs[i])
6133 goto out;
6134
6135 for (i = 0; i < NL80211_EHT_NSS_MAX; i++)
6136 if (mask->control[band].eht_mcs[i])
6137 goto out;
6138
6139 /* legacy and mcs rates may not be both empty */
6140 return -EINVAL;
6141 }
6142 }
6143
6144 out:
6145 return 0;
6146 }
6147
validate_beacon_tx_rate(struct cfg80211_registered_device * rdev,enum nl80211_band band,struct cfg80211_bitrate_mask * beacon_rate)6148 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
6149 enum nl80211_band band,
6150 struct cfg80211_bitrate_mask *beacon_rate)
6151 {
6152 u32 count_ht, count_vht, count_he, count_eht, i;
6153 u32 rate = beacon_rate->control[band].legacy;
6154
6155 /* Allow only one rate */
6156 if (hweight32(rate) > 1)
6157 return -EINVAL;
6158
6159 count_ht = 0;
6160 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
6161 if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
6162 return -EINVAL;
6163 } else if (beacon_rate->control[band].ht_mcs[i]) {
6164 count_ht++;
6165 if (count_ht > 1)
6166 return -EINVAL;
6167 }
6168 if (count_ht && rate)
6169 return -EINVAL;
6170 }
6171
6172 count_vht = 0;
6173 for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
6174 if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
6175 return -EINVAL;
6176 } else if (beacon_rate->control[band].vht_mcs[i]) {
6177 count_vht++;
6178 if (count_vht > 1)
6179 return -EINVAL;
6180 }
6181 if (count_vht && rate)
6182 return -EINVAL;
6183 }
6184
6185 count_he = 0;
6186 for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
6187 if (hweight16(beacon_rate->control[band].he_mcs[i]) > 1) {
6188 return -EINVAL;
6189 } else if (beacon_rate->control[band].he_mcs[i]) {
6190 count_he++;
6191 if (count_he > 1)
6192 return -EINVAL;
6193 }
6194 if (count_he && rate)
6195 return -EINVAL;
6196 }
6197
6198 count_eht = 0;
6199 for (i = 0; i < NL80211_EHT_NSS_MAX; i++) {
6200 if (hweight16(beacon_rate->control[band].eht_mcs[i]) > 1) {
6201 return -EINVAL;
6202 } else if (beacon_rate->control[band].eht_mcs[i]) {
6203 count_eht++;
6204 if (count_eht > 1)
6205 return -EINVAL;
6206 }
6207 if (count_eht && rate)
6208 return -EINVAL;
6209 }
6210
6211 if ((count_ht && count_vht && count_he && count_eht) ||
6212 (!rate && !count_ht && !count_vht && !count_he && !count_eht))
6213 return -EINVAL;
6214
6215 if (rate &&
6216 !wiphy_ext_feature_isset(&rdev->wiphy,
6217 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
6218 return -EINVAL;
6219 if (count_ht &&
6220 !wiphy_ext_feature_isset(&rdev->wiphy,
6221 NL80211_EXT_FEATURE_BEACON_RATE_HT))
6222 return -EINVAL;
6223 if (count_vht &&
6224 !wiphy_ext_feature_isset(&rdev->wiphy,
6225 NL80211_EXT_FEATURE_BEACON_RATE_VHT))
6226 return -EINVAL;
6227 if (count_he &&
6228 !wiphy_ext_feature_isset(&rdev->wiphy,
6229 NL80211_EXT_FEATURE_BEACON_RATE_HE))
6230 return -EINVAL;
6231
6232 if (count_eht &&
6233 !wiphy_ext_feature_isset(&rdev->wiphy,
6234 NL80211_EXT_FEATURE_BEACON_RATE_EHT))
6235 return -EINVAL;
6236
6237 return 0;
6238 }
6239
nl80211_parse_mbssid_config(struct wiphy * wiphy,struct net_device * dev,unsigned int link_id,struct nlattr * attrs,struct cfg80211_mbssid_config * config,u8 num_elems)6240 static int nl80211_parse_mbssid_config(struct wiphy *wiphy,
6241 struct net_device *dev,
6242 unsigned int link_id,
6243 struct nlattr *attrs,
6244 struct cfg80211_mbssid_config *config,
6245 u8 num_elems)
6246 {
6247 struct nlattr *tb[NL80211_MBSSID_CONFIG_ATTR_MAX + 1];
6248 int tx_link_id = -1;
6249
6250 if (!wiphy->mbssid_max_interfaces)
6251 return -EOPNOTSUPP;
6252
6253 if (nla_parse_nested(tb, NL80211_MBSSID_CONFIG_ATTR_MAX, attrs, NULL,
6254 NULL) ||
6255 !tb[NL80211_MBSSID_CONFIG_ATTR_INDEX])
6256 return -EINVAL;
6257
6258 config->ema = nla_get_flag(tb[NL80211_MBSSID_CONFIG_ATTR_EMA]);
6259 if (config->ema) {
6260 if (!wiphy->ema_max_profile_periodicity)
6261 return -EOPNOTSUPP;
6262
6263 if (num_elems > wiphy->ema_max_profile_periodicity)
6264 return -EINVAL;
6265 }
6266
6267 config->index = nla_get_u8(tb[NL80211_MBSSID_CONFIG_ATTR_INDEX]);
6268 if (config->index >= wiphy->mbssid_max_interfaces ||
6269 (!config->index && !num_elems))
6270 return -EINVAL;
6271
6272 if (tb[NL80211_MBSSID_CONFIG_ATTR_TX_LINK_ID])
6273 tx_link_id = nla_get_u8(tb[NL80211_MBSSID_CONFIG_ATTR_TX_LINK_ID]);
6274
6275 if (tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]) {
6276 u32 tx_ifindex =
6277 nla_get_u32(tb[NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX]);
6278
6279 if ((!config->index && tx_ifindex != dev->ifindex) ||
6280 (config->index && tx_ifindex == dev->ifindex))
6281 return -EINVAL;
6282
6283 if (tx_ifindex != dev->ifindex) {
6284 struct net_device *tx_netdev =
6285 dev_get_by_index(wiphy_net(wiphy), tx_ifindex);
6286
6287 if (!tx_netdev || !tx_netdev->ieee80211_ptr ||
6288 tx_netdev->ieee80211_ptr->wiphy != wiphy ||
6289 tx_netdev->ieee80211_ptr->iftype !=
6290 NL80211_IFTYPE_AP) {
6291 dev_put(tx_netdev);
6292 return -EINVAL;
6293 }
6294
6295 config->tx_wdev = tx_netdev->ieee80211_ptr;
6296 /* Caller should call dev_put(config->tx_wdev) from this point */
6297
6298 if (config->tx_wdev->valid_links) {
6299 if (tx_link_id == -1 ||
6300 !(config->tx_wdev->valid_links & BIT(tx_link_id)))
6301 return -ENOLINK;
6302
6303 config->tx_link_id = tx_link_id;
6304 }
6305 } else {
6306 if (tx_link_id >= 0 && tx_link_id != link_id)
6307 return -EINVAL;
6308
6309 config->tx_wdev = dev->ieee80211_ptr;
6310 }
6311 } else if (!config->index) {
6312 if (tx_link_id >= 0 && tx_link_id != link_id)
6313 return -EINVAL;
6314
6315 config->tx_wdev = dev->ieee80211_ptr;
6316 } else {
6317 return -EINVAL;
6318 }
6319
6320 return 0;
6321 }
6322
6323 static struct cfg80211_mbssid_elems *
nl80211_parse_mbssid_elems(struct wiphy * wiphy,struct nlattr * attrs)6324 nl80211_parse_mbssid_elems(struct wiphy *wiphy, struct nlattr *attrs)
6325 {
6326 struct nlattr *nl_elems;
6327 struct cfg80211_mbssid_elems *elems;
6328 int rem_elems;
6329 u8 i = 0, num_elems = 0;
6330
6331 if (!wiphy->mbssid_max_interfaces)
6332 return ERR_PTR(-EINVAL);
6333
6334 nla_for_each_nested(nl_elems, attrs, rem_elems) {
6335 if (num_elems >= 255)
6336 return ERR_PTR(-EINVAL);
6337 num_elems++;
6338 }
6339
6340 elems = kzalloc_flex(*elems, elem, num_elems);
6341 if (!elems)
6342 return ERR_PTR(-ENOMEM);
6343 elems->cnt = num_elems;
6344
6345 nla_for_each_nested(nl_elems, attrs, rem_elems) {
6346 elems->elem[i].data = nla_data(nl_elems);
6347 elems->elem[i].len = nla_len(nl_elems);
6348 i++;
6349 }
6350 return elems;
6351 }
6352
6353 static struct cfg80211_rnr_elems *
nl80211_parse_rnr_elems(struct wiphy * wiphy,struct nlattr * attrs,struct netlink_ext_ack * extack)6354 nl80211_parse_rnr_elems(struct wiphy *wiphy, struct nlattr *attrs,
6355 struct netlink_ext_ack *extack)
6356 {
6357 struct nlattr *nl_elems;
6358 struct cfg80211_rnr_elems *elems;
6359 int rem_elems;
6360 u8 i = 0, num_elems = 0;
6361
6362 nla_for_each_nested(nl_elems, attrs, rem_elems) {
6363 int ret;
6364
6365 ret = validate_ie_attr(nl_elems, extack);
6366 if (ret)
6367 return ERR_PTR(ret);
6368
6369 num_elems++;
6370 }
6371
6372 elems = kzalloc_flex(*elems, elem, num_elems);
6373 if (!elems)
6374 return ERR_PTR(-ENOMEM);
6375 elems->cnt = num_elems;
6376
6377 nla_for_each_nested(nl_elems, attrs, rem_elems) {
6378 elems->elem[i].data = nla_data(nl_elems);
6379 elems->elem[i].len = nla_len(nl_elems);
6380 i++;
6381 }
6382 return elems;
6383 }
6384
nl80211_parse_he_bss_color(struct nlattr * attrs,struct cfg80211_he_bss_color * he_bss_color)6385 static int nl80211_parse_he_bss_color(struct nlattr *attrs,
6386 struct cfg80211_he_bss_color *he_bss_color)
6387 {
6388 struct nlattr *tb[NL80211_HE_BSS_COLOR_ATTR_MAX + 1];
6389 int err;
6390
6391 err = nla_parse_nested(tb, NL80211_HE_BSS_COLOR_ATTR_MAX, attrs,
6392 he_bss_color_policy, NULL);
6393 if (err)
6394 return err;
6395
6396 if (!tb[NL80211_HE_BSS_COLOR_ATTR_COLOR])
6397 return -EINVAL;
6398
6399 he_bss_color->color =
6400 nla_get_u8(tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]);
6401 he_bss_color->enabled =
6402 !nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_DISABLED]);
6403 he_bss_color->partial =
6404 nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_PARTIAL]);
6405
6406 return 0;
6407 }
6408
nl80211_parse_beacon(struct cfg80211_registered_device * rdev,struct nlattr * attrs[],struct cfg80211_beacon_data * bcn,struct netlink_ext_ack * extack)6409 static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
6410 struct nlattr *attrs[],
6411 struct cfg80211_beacon_data *bcn,
6412 struct netlink_ext_ack *extack)
6413 {
6414 bool haveinfo = false;
6415 int err;
6416
6417 memset(bcn, 0, sizeof(*bcn));
6418
6419 bcn->link_id = nl80211_link_id(attrs);
6420
6421 if (attrs[NL80211_ATTR_BEACON_HEAD]) {
6422 bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
6423 bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
6424 if (!bcn->head_len)
6425 return -EINVAL;
6426 haveinfo = true;
6427 }
6428
6429 if (attrs[NL80211_ATTR_BEACON_TAIL]) {
6430 bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
6431 bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
6432 haveinfo = true;
6433 }
6434
6435 if (!haveinfo)
6436 return -EINVAL;
6437
6438 if (attrs[NL80211_ATTR_IE]) {
6439 bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
6440 bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
6441 }
6442
6443 if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
6444 bcn->proberesp_ies =
6445 nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
6446 bcn->proberesp_ies_len =
6447 nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
6448 }
6449
6450 if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
6451 bcn->assocresp_ies =
6452 nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
6453 bcn->assocresp_ies_len =
6454 nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
6455 }
6456
6457 if (attrs[NL80211_ATTR_PROBE_RESP]) {
6458 bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
6459 bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
6460 }
6461
6462 if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
6463 struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
6464
6465 err = nla_parse_nested_deprecated(tb,
6466 NL80211_FTM_RESP_ATTR_MAX,
6467 attrs[NL80211_ATTR_FTM_RESPONDER],
6468 NULL, NULL);
6469 if (err)
6470 return err;
6471
6472 if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
6473 wiphy_ext_feature_isset(&rdev->wiphy,
6474 NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
6475 bcn->ftm_responder = 1;
6476 else
6477 return -EOPNOTSUPP;
6478
6479 if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
6480 bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
6481 bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
6482 }
6483
6484 if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
6485 bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
6486 bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
6487 }
6488 } else {
6489 bcn->ftm_responder = -1;
6490 }
6491
6492 if (attrs[NL80211_ATTR_HE_BSS_COLOR]) {
6493 err = nl80211_parse_he_bss_color(attrs[NL80211_ATTR_HE_BSS_COLOR],
6494 &bcn->he_bss_color);
6495 if (err)
6496 return err;
6497 bcn->he_bss_color_valid = true;
6498 }
6499
6500 if (attrs[NL80211_ATTR_MBSSID_ELEMS]) {
6501 struct cfg80211_mbssid_elems *mbssid =
6502 nl80211_parse_mbssid_elems(&rdev->wiphy,
6503 attrs[NL80211_ATTR_MBSSID_ELEMS]);
6504
6505 if (IS_ERR(mbssid))
6506 return PTR_ERR(mbssid);
6507
6508 bcn->mbssid_ies = mbssid;
6509
6510 if (bcn->mbssid_ies && attrs[NL80211_ATTR_EMA_RNR_ELEMS]) {
6511 struct cfg80211_rnr_elems *rnr =
6512 nl80211_parse_rnr_elems(&rdev->wiphy,
6513 attrs[NL80211_ATTR_EMA_RNR_ELEMS],
6514 extack);
6515
6516 if (IS_ERR(rnr))
6517 return PTR_ERR(rnr);
6518
6519 if (rnr && rnr->cnt < bcn->mbssid_ies->cnt)
6520 return -EINVAL;
6521
6522 bcn->rnr_ies = rnr;
6523 }
6524 }
6525
6526 return 0;
6527 }
6528
nl80211_parse_he_obss_pd(struct nlattr * attrs,struct ieee80211_he_obss_pd * he_obss_pd)6529 static int nl80211_parse_he_obss_pd(struct nlattr *attrs,
6530 struct ieee80211_he_obss_pd *he_obss_pd)
6531 {
6532 struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1];
6533 int err;
6534
6535 err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs,
6536 he_obss_pd_policy, NULL);
6537 if (err)
6538 return err;
6539
6540 if (!tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL])
6541 return -EINVAL;
6542
6543 he_obss_pd->sr_ctrl = nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL]);
6544
6545 if (tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET])
6546 he_obss_pd->min_offset =
6547 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]);
6548 if (tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET])
6549 he_obss_pd->max_offset =
6550 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]);
6551 if (tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET])
6552 he_obss_pd->non_srg_max_offset =
6553 nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET]);
6554
6555 if (he_obss_pd->min_offset > he_obss_pd->max_offset)
6556 return -EINVAL;
6557
6558 if (tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP])
6559 memcpy(he_obss_pd->bss_color_bitmap,
6560 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP]),
6561 sizeof(he_obss_pd->bss_color_bitmap));
6562
6563 if (tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP])
6564 memcpy(he_obss_pd->partial_bssid_bitmap,
6565 nla_data(tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP]),
6566 sizeof(he_obss_pd->partial_bssid_bitmap));
6567
6568 he_obss_pd->enable = true;
6569
6570 return 0;
6571 }
6572
nl80211_parse_fils_discovery(struct cfg80211_registered_device * rdev,struct nlattr * attrs,struct cfg80211_fils_discovery * fd)6573 static int nl80211_parse_fils_discovery(struct cfg80211_registered_device *rdev,
6574 struct nlattr *attrs,
6575 struct cfg80211_fils_discovery *fd)
6576 {
6577 struct nlattr *tb[NL80211_FILS_DISCOVERY_ATTR_MAX + 1];
6578 int ret;
6579
6580 if (!wiphy_ext_feature_isset(&rdev->wiphy,
6581 NL80211_EXT_FEATURE_FILS_DISCOVERY))
6582 return -EINVAL;
6583
6584 ret = nla_parse_nested(tb, NL80211_FILS_DISCOVERY_ATTR_MAX, attrs,
6585 NULL, NULL);
6586 if (ret)
6587 return ret;
6588
6589 if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] &&
6590 !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] &&
6591 !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]) {
6592 fd->update = true;
6593 return 0;
6594 }
6595
6596 if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] ||
6597 !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] ||
6598 !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL])
6599 return -EINVAL;
6600
6601 fd->tmpl_len = nla_len(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
6602 fd->tmpl = nla_data(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
6603 fd->min_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN]);
6604 fd->max_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX]);
6605 fd->update = true;
6606 return 0;
6607 }
6608
6609 static int
nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device * rdev,struct nlattr * attrs,struct cfg80211_unsol_bcast_probe_resp * presp)6610 nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device *rdev,
6611 struct nlattr *attrs,
6612 struct cfg80211_unsol_bcast_probe_resp *presp)
6613 {
6614 struct nlattr *tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1];
6615 int ret;
6616
6617 if (!wiphy_ext_feature_isset(&rdev->wiphy,
6618 NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP))
6619 return -EINVAL;
6620
6621 ret = nla_parse_nested(tb, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX,
6622 attrs, NULL, NULL);
6623 if (ret)
6624 return ret;
6625
6626 if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] &&
6627 !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]) {
6628 presp->update = true;
6629 return 0;
6630 }
6631
6632 if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] ||
6633 !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL])
6634 return -EINVAL;
6635
6636 presp->tmpl = nla_data(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
6637 presp->tmpl_len = nla_len(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
6638 presp->interval = nla_get_u32(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT]);
6639 presp->update = true;
6640 return 0;
6641 }
6642
nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings * params,const struct element * rates)6643 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
6644 const struct element *rates)
6645 {
6646 int i;
6647
6648 if (!rates)
6649 return;
6650
6651 for (i = 0; i < rates->datalen; i++) {
6652 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
6653 params->ht_required = true;
6654 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
6655 params->vht_required = true;
6656 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_HE_PHY)
6657 params->he_required = true;
6658 if (rates->data[i] == BSS_MEMBERSHIP_SELECTOR_SAE_H2E)
6659 params->sae_h2e_required = true;
6660 }
6661 }
6662
6663 /*
6664 * Since the nl80211 API didn't include, from the beginning, attributes about
6665 * HT/VHT requirements/capabilities, we parse them out of the IEs for the
6666 * benefit of drivers that rebuild IEs in the firmware.
6667 */
nl80211_calculate_ap_params(struct cfg80211_ap_settings * params)6668 static int nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
6669 {
6670 const struct cfg80211_beacon_data *bcn = ¶ms->beacon;
6671 size_t ies_len = bcn->tail_len;
6672 const u8 *ies = bcn->tail;
6673 const struct element *rates;
6674 const struct element *cap;
6675
6676 rates = cfg80211_find_elem(WLAN_EID_SUPP_RATES, ies, ies_len);
6677 nl80211_check_ap_rate_selectors(params, rates);
6678
6679 rates = cfg80211_find_elem(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
6680 nl80211_check_ap_rate_selectors(params, rates);
6681
6682 cap = cfg80211_find_elem(WLAN_EID_HT_CAPABILITY, ies, ies_len);
6683 if (cap && cap->datalen >= sizeof(*params->ht_cap))
6684 params->ht_cap = (void *)cap->data;
6685 cap = cfg80211_find_elem(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
6686 if (cap && cap->datalen >= sizeof(*params->vht_cap))
6687 params->vht_cap = (void *)cap->data;
6688 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
6689 if (cap && cap->datalen >= sizeof(*params->he_cap) + 1)
6690 params->he_cap = (void *)(cap->data + 1);
6691 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_OPERATION, ies, ies_len);
6692 if (cap && cap->datalen >= sizeof(*params->he_oper) + 1)
6693 params->he_oper = (void *)(cap->data + 1);
6694 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_CAPABILITY, ies, ies_len);
6695 if (cap) {
6696 if (!cap->datalen)
6697 return -EINVAL;
6698 params->eht_cap = (void *)(cap->data + 1);
6699 if (!ieee80211_eht_capa_size_ok((const u8 *)params->he_cap,
6700 (const u8 *)params->eht_cap,
6701 cap->datalen - 1, true))
6702 return -EINVAL;
6703 }
6704 cap = cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_OPERATION, ies, ies_len);
6705 if (cap) {
6706 if (!cap->datalen)
6707 return -EINVAL;
6708 params->eht_oper = (void *)(cap->data + 1);
6709 if (!ieee80211_eht_oper_size_ok((const u8 *)params->eht_oper,
6710 cap->datalen - 1))
6711 return -EINVAL;
6712 }
6713
6714 return 0;
6715 }
6716
nl80211_get_ap_channel(struct cfg80211_registered_device * rdev,struct cfg80211_ap_settings * params)6717 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
6718 struct cfg80211_ap_settings *params)
6719 {
6720 struct wireless_dev *wdev;
6721
6722 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
6723 if (wdev->iftype != NL80211_IFTYPE_AP &&
6724 wdev->iftype != NL80211_IFTYPE_P2P_GO)
6725 continue;
6726
6727 if (!wdev->u.ap.preset_chandef.chan)
6728 continue;
6729
6730 params->chandef = wdev->u.ap.preset_chandef;
6731 return true;
6732 }
6733
6734 return false;
6735 }
6736
nl80211_valid_auth_type(struct cfg80211_registered_device * rdev,enum nl80211_auth_type auth_type,enum nl80211_commands cmd)6737 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
6738 enum nl80211_auth_type auth_type,
6739 enum nl80211_commands cmd)
6740 {
6741 if (auth_type > NL80211_AUTHTYPE_MAX)
6742 return false;
6743
6744 switch (cmd) {
6745 case NL80211_CMD_AUTHENTICATE:
6746 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
6747 auth_type == NL80211_AUTHTYPE_SAE)
6748 return false;
6749 if (!wiphy_ext_feature_isset(&rdev->wiphy,
6750 NL80211_EXT_FEATURE_FILS_STA) &&
6751 (auth_type == NL80211_AUTHTYPE_FILS_SK ||
6752 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
6753 auth_type == NL80211_AUTHTYPE_FILS_PK))
6754 return false;
6755 if (!wiphy_ext_feature_isset(&rdev->wiphy,
6756 NL80211_EXT_FEATURE_EPPKE) &&
6757 auth_type == NL80211_AUTHTYPE_EPPKE)
6758 return false;
6759 if (!wiphy_ext_feature_isset(&rdev->wiphy,
6760 NL80211_EXT_FEATURE_IEEE8021X_AUTH) &&
6761 auth_type == NL80211_AUTHTYPE_IEEE8021X)
6762 return false;
6763 return true;
6764 case NL80211_CMD_CONNECT:
6765 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
6766 !wiphy_ext_feature_isset(&rdev->wiphy,
6767 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
6768 auth_type == NL80211_AUTHTYPE_SAE)
6769 return false;
6770
6771 /* FILS with SK PFS or PK not supported yet */
6772 if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
6773 auth_type == NL80211_AUTHTYPE_FILS_PK)
6774 return false;
6775 if (!wiphy_ext_feature_isset(
6776 &rdev->wiphy,
6777 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
6778 auth_type == NL80211_AUTHTYPE_FILS_SK)
6779 return false;
6780 if (!wiphy_ext_feature_isset(&rdev->wiphy,
6781 NL80211_EXT_FEATURE_EPPKE) &&
6782 auth_type == NL80211_AUTHTYPE_EPPKE)
6783 return false;
6784 if (!wiphy_ext_feature_isset(&rdev->wiphy,
6785 NL80211_EXT_FEATURE_IEEE8021X_AUTH) &&
6786 auth_type == NL80211_AUTHTYPE_IEEE8021X)
6787 return false;
6788 return true;
6789 case NL80211_CMD_START_AP:
6790 if (!wiphy_ext_feature_isset(&rdev->wiphy,
6791 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP) &&
6792 auth_type == NL80211_AUTHTYPE_SAE)
6793 return false;
6794 /* FILS not supported yet */
6795 if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
6796 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
6797 auth_type == NL80211_AUTHTYPE_FILS_PK)
6798 return false;
6799 return true;
6800 default:
6801 return false;
6802 }
6803 }
6804
nl80211_send_ap_started(struct wireless_dev * wdev,unsigned int link_id)6805 static void nl80211_send_ap_started(struct wireless_dev *wdev,
6806 unsigned int link_id)
6807 {
6808 struct wiphy *wiphy = wdev->wiphy;
6809 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
6810 struct sk_buff *msg;
6811 void *hdr;
6812
6813 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6814 if (!msg)
6815 return;
6816
6817 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_START_AP);
6818 if (!hdr)
6819 goto out;
6820
6821 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
6822 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
6823 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
6824 NL80211_ATTR_PAD) ||
6825 (wdev->u.ap.ssid_len &&
6826 nla_put(msg, NL80211_ATTR_SSID, wdev->u.ap.ssid_len,
6827 wdev->u.ap.ssid)) ||
6828 (wdev->valid_links &&
6829 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)))
6830 goto out;
6831
6832 genlmsg_end(msg, hdr);
6833
6834 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
6835 NL80211_MCGRP_MLME, GFP_KERNEL);
6836 return;
6837 out:
6838 nlmsg_free(msg);
6839 }
6840
nl80211_validate_ap_phy_operation(struct cfg80211_ap_settings * params)6841 static int nl80211_validate_ap_phy_operation(struct cfg80211_ap_settings *params)
6842 {
6843 struct ieee80211_channel *channel = params->chandef.chan;
6844
6845 if ((params->he_cap || params->he_oper) &&
6846 (channel->flags & IEEE80211_CHAN_NO_HE))
6847 return -EOPNOTSUPP;
6848
6849 if ((params->eht_cap || params->eht_oper) &&
6850 (channel->flags & IEEE80211_CHAN_NO_EHT))
6851 return -EOPNOTSUPP;
6852
6853 if (params->uhr_oper && (channel->flags & IEEE80211_CHAN_NO_UHR))
6854 return -EOPNOTSUPP;
6855
6856 return 0;
6857 }
6858
6859 static int
nl80211_parse_s1g_short_beacon(struct cfg80211_registered_device * rdev,struct nlattr * attrs,struct cfg80211_s1g_short_beacon * sb)6860 nl80211_parse_s1g_short_beacon(struct cfg80211_registered_device *rdev,
6861 struct nlattr *attrs,
6862 struct cfg80211_s1g_short_beacon *sb)
6863 {
6864 struct nlattr *tb[NL80211_S1G_SHORT_BEACON_ATTR_MAX + 1];
6865 int ret;
6866
6867 if (!rdev->wiphy.bands[NL80211_BAND_S1GHZ])
6868 return -EINVAL;
6869
6870 ret = nla_parse_nested(tb, NL80211_S1G_SHORT_BEACON_ATTR_MAX, attrs,
6871 NULL, NULL);
6872 if (ret)
6873 return ret;
6874
6875 /* Short beacon tail is optional (i.e might only include the TIM) */
6876 if (!tb[NL80211_S1G_SHORT_BEACON_ATTR_HEAD])
6877 return -EINVAL;
6878
6879 sb->short_head = nla_data(tb[NL80211_S1G_SHORT_BEACON_ATTR_HEAD]);
6880 sb->short_head_len = nla_len(tb[NL80211_S1G_SHORT_BEACON_ATTR_HEAD]);
6881 sb->short_tail_len = 0;
6882
6883 if (tb[NL80211_S1G_SHORT_BEACON_ATTR_TAIL]) {
6884 sb->short_tail =
6885 nla_data(tb[NL80211_S1G_SHORT_BEACON_ATTR_TAIL]);
6886 sb->short_tail_len =
6887 nla_len(tb[NL80211_S1G_SHORT_BEACON_ATTR_TAIL]);
6888 }
6889
6890 sb->update = true;
6891 return 0;
6892 }
6893
nl80211_start_ap(struct sk_buff * skb,struct genl_info * info)6894 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
6895 {
6896 struct cfg80211_registered_device *rdev = info->user_ptr[0];
6897 struct cfg80211_beaconing_check_config beacon_check = {};
6898 unsigned int link_id = nl80211_link_id(info->attrs);
6899 struct net_device *dev = info->user_ptr[1];
6900 struct wireless_dev *wdev = dev->ieee80211_ptr;
6901 struct cfg80211_ap_settings *params;
6902 int err;
6903
6904 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6905 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6906 return -EOPNOTSUPP;
6907
6908 if (!rdev->ops->start_ap)
6909 return -EOPNOTSUPP;
6910
6911 if (wdev->links[link_id].cac_started)
6912 return -EBUSY;
6913
6914 if (wdev->links[link_id].ap.beacon_interval)
6915 return -EALREADY;
6916
6917 /* these are required for START_AP */
6918 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
6919 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
6920 !info->attrs[NL80211_ATTR_BEACON_HEAD])
6921 return -EINVAL;
6922
6923 if (info->attrs[NL80211_ATTR_SMPS_MODE] &&
6924 nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]) != NL80211_SMPS_OFF)
6925 return -EOPNOTSUPP;
6926
6927 params = kzalloc_obj(*params);
6928 if (!params)
6929 return -ENOMEM;
6930
6931 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms->beacon,
6932 info->extack);
6933 if (err)
6934 goto out;
6935
6936 params->beacon_interval =
6937 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
6938 params->dtim_period =
6939 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
6940
6941 err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
6942 params->beacon_interval);
6943 if (err)
6944 goto out;
6945
6946 /*
6947 * In theory, some of these attributes should be required here
6948 * but since they were not used when the command was originally
6949 * added, keep them optional for old user space programs to let
6950 * them continue to work with drivers that do not need the
6951 * additional information -- drivers must check!
6952 */
6953 if (info->attrs[NL80211_ATTR_SSID]) {
6954 params->ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6955 params->ssid_len =
6956 nla_len(info->attrs[NL80211_ATTR_SSID]);
6957 if (params->ssid_len == 0) {
6958 err = -EINVAL;
6959 goto out;
6960 }
6961
6962 if (wdev->u.ap.ssid_len &&
6963 (wdev->u.ap.ssid_len != params->ssid_len ||
6964 memcmp(wdev->u.ap.ssid, params->ssid, params->ssid_len))) {
6965 /* require identical SSID for MLO */
6966 err = -EINVAL;
6967 goto out;
6968 }
6969 } else if (wdev->valid_links) {
6970 /* require SSID for MLO */
6971 err = -EINVAL;
6972 goto out;
6973 }
6974
6975 if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
6976 params->hidden_ssid = nla_get_u32(
6977 info->attrs[NL80211_ATTR_HIDDEN_SSID]);
6978
6979 params->privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
6980
6981 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
6982 params->auth_type = nla_get_u32(
6983 info->attrs[NL80211_ATTR_AUTH_TYPE]);
6984 if (!nl80211_valid_auth_type(rdev, params->auth_type,
6985 NL80211_CMD_START_AP)) {
6986 err = -EINVAL;
6987 goto out;
6988 }
6989 } else
6990 params->auth_type = NL80211_AUTHTYPE_AUTOMATIC;
6991
6992 err = nl80211_crypto_settings(rdev, info, ¶ms->crypto,
6993 NL80211_MAX_NR_CIPHER_SUITES);
6994 if (err)
6995 goto out;
6996
6997 if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
6998 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER)) {
6999 err = -EOPNOTSUPP;
7000 goto out;
7001 }
7002 params->inactivity_timeout = nla_get_u16(
7003 info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
7004 }
7005
7006 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
7007 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
7008 err = -EINVAL;
7009 goto out;
7010 }
7011 params->p2p_ctwindow =
7012 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
7013 if (params->p2p_ctwindow != 0 &&
7014 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN)) {
7015 err = -EINVAL;
7016 goto out;
7017 }
7018 }
7019
7020 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
7021 u8 tmp;
7022
7023 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
7024 err = -EINVAL;
7025 goto out;
7026 }
7027 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
7028 params->p2p_opp_ps = tmp;
7029 if (params->p2p_opp_ps != 0 &&
7030 !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS)) {
7031 err = -EINVAL;
7032 goto out;
7033 }
7034 }
7035
7036 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7037 err = nl80211_parse_chandef(rdev, info->extack, info->attrs,
7038 ¶ms->chandef);
7039 if (err)
7040 goto out;
7041 } else if (wdev->valid_links) {
7042 /* with MLD need to specify the channel configuration */
7043 err = -EINVAL;
7044 goto out;
7045 } else if (wdev->u.ap.preset_chandef.chan) {
7046 params->chandef = wdev->u.ap.preset_chandef;
7047 } else if (!nl80211_get_ap_channel(rdev, params)) {
7048 err = -EINVAL;
7049 goto out;
7050 }
7051
7052 beacon_check.iftype = wdev->iftype;
7053 beacon_check.relax = true;
7054 beacon_check.reg_power =
7055 cfg80211_get_6ghz_power_type(params->beacon.tail,
7056 params->beacon.tail_len, 0);
7057 if (!cfg80211_reg_check_beaconing(&rdev->wiphy, ¶ms->chandef,
7058 &beacon_check)) {
7059 err = -EINVAL;
7060 goto out;
7061 }
7062
7063 if (info->attrs[NL80211_ATTR_TX_RATES]) {
7064 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
7065 NL80211_ATTR_TX_RATES,
7066 ¶ms->beacon_rate,
7067 dev, false, link_id);
7068 if (err)
7069 goto out;
7070
7071 err = validate_beacon_tx_rate(rdev, params->chandef.chan->band,
7072 ¶ms->beacon_rate);
7073 if (err)
7074 goto out;
7075 }
7076
7077 params->pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
7078 if (params->pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
7079 err = -EOPNOTSUPP;
7080 goto out;
7081 }
7082
7083 if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
7084 params->acl = parse_acl_data(&rdev->wiphy, info);
7085 if (IS_ERR(params->acl)) {
7086 err = PTR_ERR(params->acl);
7087 params->acl = NULL;
7088 goto out;
7089 }
7090 }
7091
7092 params->twt_responder =
7093 nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
7094
7095 if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) {
7096 err = nl80211_parse_he_obss_pd(
7097 info->attrs[NL80211_ATTR_HE_OBSS_PD],
7098 ¶ms->he_obss_pd);
7099 if (err)
7100 goto out;
7101 }
7102
7103 if (info->attrs[NL80211_ATTR_FILS_DISCOVERY]) {
7104 err = nl80211_parse_fils_discovery(rdev,
7105 info->attrs[NL80211_ATTR_FILS_DISCOVERY],
7106 ¶ms->fils_discovery);
7107 if (err)
7108 goto out;
7109 }
7110
7111 if (info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
7112 err = nl80211_parse_unsol_bcast_probe_resp(
7113 rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
7114 ¶ms->unsol_bcast_probe_resp);
7115 if (err)
7116 goto out;
7117 }
7118
7119 if (info->attrs[NL80211_ATTR_MBSSID_CONFIG]) {
7120 err = nl80211_parse_mbssid_config(&rdev->wiphy, dev, link_id,
7121 info->attrs[NL80211_ATTR_MBSSID_CONFIG],
7122 ¶ms->mbssid_config,
7123 params->beacon.mbssid_ies ?
7124 params->beacon.mbssid_ies->cnt :
7125 0);
7126 if (err)
7127 goto out;
7128 }
7129
7130 if (!params->mbssid_config.ema && params->beacon.rnr_ies) {
7131 err = -EINVAL;
7132 goto out;
7133 }
7134
7135 if (info->attrs[NL80211_ATTR_S1G_SHORT_BEACON]) {
7136 if (!info->attrs[NL80211_ATTR_S1G_LONG_BEACON_PERIOD]) {
7137 err = -EINVAL;
7138 goto out;
7139 }
7140
7141 params->s1g_long_beacon_period = nla_get_u8(
7142 info->attrs[NL80211_ATTR_S1G_LONG_BEACON_PERIOD]);
7143
7144 err = nl80211_parse_s1g_short_beacon(
7145 rdev, info->attrs[NL80211_ATTR_S1G_SHORT_BEACON],
7146 ¶ms->s1g_short_beacon);
7147 if (err)
7148 goto out;
7149 }
7150
7151 err = nl80211_calculate_ap_params(params);
7152 if (err)
7153 goto out;
7154
7155 if (info->attrs[NL80211_ATTR_UHR_OPERATION])
7156 params->uhr_oper = nla_data(info->attrs[NL80211_ATTR_UHR_OPERATION]);
7157
7158 err = nl80211_validate_ap_phy_operation(params);
7159 if (err)
7160 goto out;
7161
7162 if (info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS])
7163 params->flags = nla_get_u32(
7164 info->attrs[NL80211_ATTR_AP_SETTINGS_FLAGS]);
7165 else if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
7166 params->flags |= NL80211_AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
7167
7168 if (wdev->conn_owner_nlportid &&
7169 info->attrs[NL80211_ATTR_SOCKET_OWNER] &&
7170 wdev->conn_owner_nlportid != info->snd_portid) {
7171 err = -EINVAL;
7172 goto out;
7173 }
7174
7175 /* FIXME: validate MLO/link-id against driver capabilities */
7176
7177 err = rdev_start_ap(rdev, dev, params);
7178 if (!err) {
7179 wdev->links[link_id].ap.beacon_interval = params->beacon_interval;
7180 wdev->links[link_id].ap.chandef = params->chandef;
7181 wdev->u.ap.ssid_len = params->ssid_len;
7182 memcpy(wdev->u.ap.ssid, params->ssid,
7183 params->ssid_len);
7184
7185 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
7186 wdev->conn_owner_nlportid = info->snd_portid;
7187
7188 nl80211_send_ap_started(wdev, link_id);
7189 }
7190 out:
7191 kfree(params->acl);
7192 kfree(params->beacon.mbssid_ies);
7193 if (params->mbssid_config.tx_wdev &&
7194 params->mbssid_config.tx_wdev->netdev &&
7195 params->mbssid_config.tx_wdev->netdev != dev)
7196 dev_put(params->mbssid_config.tx_wdev->netdev);
7197 kfree(params->beacon.rnr_ies);
7198 kfree(params);
7199
7200 return err;
7201 }
7202
nl80211_set_beacon(struct sk_buff * skb,struct genl_info * info)7203 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
7204 {
7205 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7206 struct cfg80211_beaconing_check_config beacon_check = {};
7207 unsigned int link_id = nl80211_link_id(info->attrs);
7208 struct net_device *dev = info->user_ptr[1];
7209 struct wireless_dev *wdev = dev->ieee80211_ptr;
7210 struct cfg80211_ap_update *params;
7211 struct nlattr *attr;
7212 int err;
7213
7214 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
7215 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
7216 return -EOPNOTSUPP;
7217
7218 if (!rdev->ops->change_beacon)
7219 return -EOPNOTSUPP;
7220
7221 if (!wdev->links[link_id].ap.beacon_interval)
7222 return -EINVAL;
7223
7224 params = kzalloc_obj(*params);
7225 if (!params)
7226 return -ENOMEM;
7227
7228 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms->beacon,
7229 info->extack);
7230 if (err)
7231 goto out;
7232
7233 /* recheck beaconing is permitted with possibly changed power type */
7234 beacon_check.iftype = wdev->iftype;
7235 beacon_check.relax = true;
7236 beacon_check.reg_power =
7237 cfg80211_get_6ghz_power_type(params->beacon.tail,
7238 params->beacon.tail_len, 0);
7239 if (!cfg80211_reg_check_beaconing(&rdev->wiphy,
7240 &wdev->links[link_id].ap.chandef,
7241 &beacon_check)) {
7242 err = -EINVAL;
7243 goto out;
7244 }
7245
7246 attr = info->attrs[NL80211_ATTR_FILS_DISCOVERY];
7247 if (attr) {
7248 err = nl80211_parse_fils_discovery(rdev, attr,
7249 ¶ms->fils_discovery);
7250 if (err)
7251 goto out;
7252 }
7253
7254 attr = info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP];
7255 if (attr) {
7256 err = nl80211_parse_unsol_bcast_probe_resp(rdev, attr,
7257 ¶ms->unsol_bcast_probe_resp);
7258 if (err)
7259 goto out;
7260 }
7261
7262 attr = info->attrs[NL80211_ATTR_S1G_SHORT_BEACON];
7263 if (attr) {
7264 err = nl80211_parse_s1g_short_beacon(rdev, attr,
7265 ¶ms->s1g_short_beacon);
7266 if (err)
7267 goto out;
7268 }
7269
7270 err = rdev_change_beacon(rdev, dev, params);
7271
7272 out:
7273 kfree(params->beacon.mbssid_ies);
7274 kfree(params->beacon.rnr_ies);
7275 kfree(params);
7276 return err;
7277 }
7278
nl80211_stop_ap(struct sk_buff * skb,struct genl_info * info)7279 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
7280 {
7281 struct cfg80211_registered_device *rdev = info->user_ptr[0];
7282 unsigned int link_id = nl80211_link_id(info->attrs);
7283 struct net_device *dev = info->user_ptr[1];
7284
7285 return cfg80211_stop_ap(rdev, dev, link_id, false);
7286 }
7287
7288 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
7289 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
7290 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
7291 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
7292 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
7293 [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
7294 [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
7295 };
7296
parse_station_flags(struct genl_info * info,enum nl80211_iftype iftype,struct station_parameters * params)7297 static int parse_station_flags(struct genl_info *info,
7298 enum nl80211_iftype iftype,
7299 struct station_parameters *params)
7300 {
7301 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
7302 struct nlattr *nla;
7303 int flag;
7304
7305 /*
7306 * Try parsing the new attribute first so userspace
7307 * can specify both for older kernels.
7308 */
7309 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
7310 if (nla) {
7311 struct nl80211_sta_flag_update *sta_flags;
7312
7313 sta_flags = nla_data(nla);
7314 params->sta_flags_mask = sta_flags->mask;
7315 params->sta_flags_set = sta_flags->set;
7316 params->sta_flags_set &= params->sta_flags_mask;
7317 if ((params->sta_flags_mask |
7318 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
7319 return -EINVAL;
7320
7321 if ((iftype == NL80211_IFTYPE_NAN ||
7322 iftype == NL80211_IFTYPE_NAN_DATA) &&
7323 params->sta_flags_mask &
7324 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
7325 BIT(NL80211_STA_FLAG_ASSOCIATED) |
7326 BIT(NL80211_STA_FLAG_AUTHORIZED) |
7327 BIT(NL80211_STA_FLAG_MFP)))
7328 return -EINVAL;
7329
7330 /* WME is always used in NAN */
7331 if (iftype == NL80211_IFTYPE_NAN_DATA) {
7332 /* but don't let userspace control it */
7333 if (params->sta_flags_mask & BIT(NL80211_STA_FLAG_WME))
7334 return -EINVAL;
7335
7336 params->sta_flags_mask |= BIT(NL80211_STA_FLAG_WME);
7337 params->sta_flags_set |= BIT(NL80211_STA_FLAG_WME);
7338 }
7339
7340 return 0;
7341 }
7342
7343 /* if present, parse the old attribute */
7344
7345 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
7346 if (!nla)
7347 return 0;
7348
7349 if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
7350 return -EINVAL;
7351
7352 /*
7353 * Only allow certain flags for interface types so that
7354 * other attributes are silently ignored. Remember that
7355 * this is backward compatibility code with old userspace
7356 * and shouldn't be hit in other cases anyway.
7357 */
7358 switch (iftype) {
7359 case NL80211_IFTYPE_AP:
7360 case NL80211_IFTYPE_AP_VLAN:
7361 case NL80211_IFTYPE_P2P_GO:
7362 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
7363 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
7364 BIT(NL80211_STA_FLAG_WME) |
7365 BIT(NL80211_STA_FLAG_MFP);
7366 break;
7367 case NL80211_IFTYPE_P2P_CLIENT:
7368 case NL80211_IFTYPE_STATION:
7369 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
7370 BIT(NL80211_STA_FLAG_TDLS_PEER);
7371 break;
7372 case NL80211_IFTYPE_MESH_POINT:
7373 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
7374 BIT(NL80211_STA_FLAG_MFP) |
7375 BIT(NL80211_STA_FLAG_AUTHORIZED);
7376 break;
7377 default:
7378 return -EINVAL;
7379 }
7380
7381 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
7382 if (flags[flag]) {
7383 params->sta_flags_set |= (1<<flag);
7384
7385 /* no longer support new API additions in old API */
7386 if (flag > NL80211_STA_FLAG_MAX_OLD_API)
7387 return -EINVAL;
7388 }
7389 }
7390
7391 return 0;
7392 }
7393
nl80211_put_sta_rate(struct sk_buff * msg,struct rate_info * info,int attr)7394 bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
7395 {
7396 struct nlattr *rate;
7397 u32 bitrate;
7398 u16 bitrate_compat;
7399 enum nl80211_rate_info rate_flg;
7400
7401 rate = nla_nest_start_noflag(msg, attr);
7402 if (!rate)
7403 return false;
7404
7405 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
7406 bitrate = cfg80211_calculate_bitrate(info);
7407 /* report 16-bit bitrate only if we can */
7408 bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
7409 if (bitrate > 0 &&
7410 nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
7411 return false;
7412 if (bitrate_compat > 0 &&
7413 nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
7414 return false;
7415
7416 switch (info->bw) {
7417 case RATE_INFO_BW_1:
7418 rate_flg = NL80211_RATE_INFO_1_MHZ_WIDTH;
7419 break;
7420 case RATE_INFO_BW_2:
7421 rate_flg = NL80211_RATE_INFO_2_MHZ_WIDTH;
7422 break;
7423 case RATE_INFO_BW_4:
7424 rate_flg = NL80211_RATE_INFO_4_MHZ_WIDTH;
7425 break;
7426 case RATE_INFO_BW_5:
7427 rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
7428 break;
7429 case RATE_INFO_BW_8:
7430 rate_flg = NL80211_RATE_INFO_8_MHZ_WIDTH;
7431 break;
7432 case RATE_INFO_BW_10:
7433 rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
7434 break;
7435 case RATE_INFO_BW_16:
7436 rate_flg = NL80211_RATE_INFO_16_MHZ_WIDTH;
7437 break;
7438 default:
7439 WARN_ON(1);
7440 fallthrough;
7441 case RATE_INFO_BW_20:
7442 rate_flg = 0;
7443 break;
7444 case RATE_INFO_BW_40:
7445 rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
7446 break;
7447 case RATE_INFO_BW_80:
7448 rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
7449 break;
7450 case RATE_INFO_BW_160:
7451 rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
7452 break;
7453 case RATE_INFO_BW_HE_RU:
7454 rate_flg = 0;
7455 WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
7456 break;
7457 case RATE_INFO_BW_320:
7458 rate_flg = NL80211_RATE_INFO_320_MHZ_WIDTH;
7459 break;
7460 case RATE_INFO_BW_EHT_RU:
7461 rate_flg = 0;
7462 WARN_ON(!(info->flags & RATE_INFO_FLAGS_EHT_MCS) &&
7463 !(info->flags & RATE_INFO_FLAGS_UHR_MCS));
7464 break;
7465 }
7466
7467 if (rate_flg && nla_put_flag(msg, rate_flg))
7468 return false;
7469
7470 if (info->flags & RATE_INFO_FLAGS_MCS) {
7471 if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
7472 return false;
7473 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
7474 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
7475 return false;
7476 } else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
7477 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
7478 return false;
7479 if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
7480 return false;
7481 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
7482 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
7483 return false;
7484 } else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
7485 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
7486 return false;
7487 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
7488 return false;
7489 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
7490 return false;
7491 if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
7492 return false;
7493 if (info->bw == RATE_INFO_BW_HE_RU &&
7494 nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
7495 info->he_ru_alloc))
7496 return false;
7497 } else if (info->flags & RATE_INFO_FLAGS_S1G_MCS) {
7498 if (nla_put_u8(msg, NL80211_RATE_INFO_S1G_MCS, info->mcs))
7499 return false;
7500 if (nla_put_u8(msg, NL80211_RATE_INFO_S1G_NSS, info->nss))
7501 return false;
7502 if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
7503 nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
7504 return false;
7505 } else if (info->flags & RATE_INFO_FLAGS_EHT_MCS) {
7506 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_MCS, info->mcs))
7507 return false;
7508 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_NSS, info->nss))
7509 return false;
7510 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_GI, info->eht_gi))
7511 return false;
7512 if (info->bw == RATE_INFO_BW_EHT_RU &&
7513 nla_put_u8(msg, NL80211_RATE_INFO_EHT_RU_ALLOC,
7514 info->eht_ru_alloc))
7515 return false;
7516 } else if (info->flags & RATE_INFO_FLAGS_UHR_MCS) {
7517 if (nla_put_u8(msg, NL80211_RATE_INFO_UHR_MCS, info->mcs))
7518 return false;
7519 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_NSS, info->nss))
7520 return false;
7521 if (nla_put_u8(msg, NL80211_RATE_INFO_EHT_GI, info->eht_gi))
7522 return false;
7523 if (info->bw == RATE_INFO_BW_EHT_RU &&
7524 nla_put_u8(msg, NL80211_RATE_INFO_EHT_RU_ALLOC,
7525 info->eht_ru_alloc))
7526 return false;
7527 if (info->flags & RATE_INFO_FLAGS_UHR_ELR_MCS &&
7528 nla_put_flag(msg, NL80211_RATE_INFO_UHR_ELR))
7529 return false;
7530 if (info->flags & RATE_INFO_FLAGS_UHR_IM &&
7531 nla_put_flag(msg, NL80211_RATE_INFO_UHR_IM))
7532 return false;
7533 }
7534
7535 nla_nest_end(msg, rate);
7536 return true;
7537 }
7538
nl80211_put_signal(struct sk_buff * msg,u8 mask,s8 * signal,int id)7539 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
7540 int id)
7541 {
7542 void *attr;
7543 int i = 0;
7544
7545 if (!mask)
7546 return true;
7547
7548 attr = nla_nest_start_noflag(msg, id);
7549 if (!attr)
7550 return false;
7551
7552 for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
7553 if (!(mask & BIT(i)))
7554 continue;
7555
7556 if (nla_put_u8(msg, i, signal[i]))
7557 return false;
7558 }
7559
7560 nla_nest_end(msg, attr);
7561
7562 return true;
7563 }
7564
nl80211_fill_link_station(struct sk_buff * msg,struct cfg80211_registered_device * rdev,struct link_station_info * link_sinfo)7565 static int nl80211_fill_link_station(struct sk_buff *msg,
7566 struct cfg80211_registered_device *rdev,
7567 struct link_station_info *link_sinfo)
7568 {
7569 struct nlattr *bss_param, *link_sinfoattr;
7570
7571 #define PUT_LINK_SINFO(attr, memb, type) do { \
7572 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
7573 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
7574 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
7575 link_sinfo->memb)) \
7576 goto nla_put_failure; \
7577 } while (0)
7578 #define PUT_LINK_SINFO_U64(attr, memb) do { \
7579 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
7580 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
7581 link_sinfo->memb, NL80211_STA_INFO_PAD)) \
7582 goto nla_put_failure; \
7583 } while (0)
7584
7585 link_sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
7586 if (!link_sinfoattr)
7587 goto nla_put_failure;
7588
7589 PUT_LINK_SINFO(INACTIVE_TIME, inactive_time, u32);
7590
7591 if (link_sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
7592 BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
7593 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
7594 (u32)link_sinfo->rx_bytes))
7595 goto nla_put_failure;
7596
7597 if (link_sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
7598 BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
7599 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
7600 (u32)link_sinfo->tx_bytes))
7601 goto nla_put_failure;
7602
7603 PUT_LINK_SINFO_U64(RX_BYTES64, rx_bytes);
7604 PUT_LINK_SINFO_U64(TX_BYTES64, tx_bytes);
7605 PUT_LINK_SINFO_U64(RX_DURATION, rx_duration);
7606 PUT_LINK_SINFO_U64(TX_DURATION, tx_duration);
7607
7608 if (wiphy_ext_feature_isset(&rdev->wiphy,
7609 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
7610 PUT_LINK_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
7611
7612 switch (rdev->wiphy.signal_type) {
7613 case CFG80211_SIGNAL_TYPE_MBM:
7614 PUT_LINK_SINFO(SIGNAL, signal, u8);
7615 PUT_LINK_SINFO(SIGNAL_AVG, signal_avg, u8);
7616 break;
7617 default:
7618 break;
7619 }
7620 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
7621 if (!nl80211_put_signal(msg, link_sinfo->chains,
7622 link_sinfo->chain_signal,
7623 NL80211_STA_INFO_CHAIN_SIGNAL))
7624 goto nla_put_failure;
7625 }
7626 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
7627 if (!nl80211_put_signal(msg, link_sinfo->chains,
7628 link_sinfo->chain_signal_avg,
7629 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
7630 goto nla_put_failure;
7631 }
7632 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
7633 if (!nl80211_put_sta_rate(msg, &link_sinfo->txrate,
7634 NL80211_STA_INFO_TX_BITRATE))
7635 goto nla_put_failure;
7636 }
7637 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
7638 if (!nl80211_put_sta_rate(msg, &link_sinfo->rxrate,
7639 NL80211_STA_INFO_RX_BITRATE))
7640 goto nla_put_failure;
7641 }
7642
7643 PUT_LINK_SINFO(RX_PACKETS, rx_packets, u32);
7644 PUT_LINK_SINFO(TX_PACKETS, tx_packets, u32);
7645 PUT_LINK_SINFO(TX_RETRIES, tx_retries, u32);
7646 PUT_LINK_SINFO(TX_FAILED, tx_failed, u32);
7647 PUT_LINK_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
7648 PUT_LINK_SINFO(BEACON_LOSS, beacon_loss_count, u32);
7649
7650 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
7651 bss_param = nla_nest_start_noflag(msg,
7652 NL80211_STA_INFO_BSS_PARAM);
7653 if (!bss_param)
7654 goto nla_put_failure;
7655
7656 if (((link_sinfo->bss_param.flags &
7657 BSS_PARAM_FLAGS_CTS_PROT) &&
7658 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
7659 ((link_sinfo->bss_param.flags &
7660 BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
7661 nla_put_flag(msg,
7662 NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
7663 ((link_sinfo->bss_param.flags &
7664 BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
7665 nla_put_flag(msg,
7666 NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
7667 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
7668 link_sinfo->bss_param.dtim_period) ||
7669 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
7670 link_sinfo->bss_param.beacon_interval))
7671 goto nla_put_failure;
7672
7673 nla_nest_end(msg, bss_param);
7674 }
7675
7676 PUT_LINK_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
7677 PUT_LINK_SINFO_U64(BEACON_RX, rx_beacon);
7678 PUT_LINK_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
7679 PUT_LINK_SINFO(RX_MPDUS, rx_mpdu_count, u32);
7680 PUT_LINK_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
7681 if (wiphy_ext_feature_isset(&rdev->wiphy,
7682 NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
7683 PUT_LINK_SINFO(ACK_SIGNAL, ack_signal, u8);
7684 PUT_LINK_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
7685 }
7686
7687 #undef PUT_LINK_SINFO
7688 #undef PUT_LINK_SINFO_U64
7689
7690 if (link_sinfo->pertid) {
7691 struct nlattr *tidsattr;
7692 int tid;
7693
7694 tidsattr = nla_nest_start_noflag(msg,
7695 NL80211_STA_INFO_TID_STATS);
7696 if (!tidsattr)
7697 goto nla_put_failure;
7698
7699 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
7700 struct cfg80211_tid_stats *tidstats;
7701 struct nlattr *tidattr;
7702
7703 tidstats = &link_sinfo->pertid[tid];
7704
7705 if (!tidstats->filled)
7706 continue;
7707
7708 tidattr = nla_nest_start_noflag(msg, tid + 1);
7709 if (!tidattr)
7710 goto nla_put_failure;
7711
7712 #define PUT_TIDVAL_U64(attr, memb) do { \
7713 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
7714 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
7715 tidstats->memb, NL80211_TID_STATS_PAD)) \
7716 goto nla_put_failure; \
7717 } while (0)
7718
7719 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
7720 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
7721 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
7722 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
7723
7724 #undef PUT_TIDVAL_U64
7725 if ((tidstats->filled &
7726 BIT(NL80211_TID_STATS_TXQ_STATS)) &&
7727 !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
7728 NL80211_TID_STATS_TXQ_STATS))
7729 goto nla_put_failure;
7730
7731 nla_nest_end(msg, tidattr);
7732 }
7733
7734 nla_nest_end(msg, tidsattr);
7735 }
7736
7737 nla_nest_end(msg, link_sinfoattr);
7738 return 0;
7739
7740 nla_put_failure:
7741 return -EMSGSIZE;
7742 }
7743
nl80211_send_station(struct sk_buff * msg,u32 cmd,u32 portid,u32 seq,int flags,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,const u8 * mac_addr,struct station_info * sinfo,bool link_stats)7744 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
7745 u32 seq, int flags,
7746 struct cfg80211_registered_device *rdev,
7747 struct wireless_dev *wdev,
7748 const u8 *mac_addr, struct station_info *sinfo,
7749 bool link_stats)
7750 {
7751 void *hdr;
7752 struct nlattr *sinfoattr, *bss_param;
7753 struct link_station_info *link_sinfo;
7754 struct nlattr *links, *link;
7755 int link_id;
7756
7757 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
7758 if (!hdr) {
7759 cfg80211_sinfo_release_content(sinfo);
7760 return -1;
7761 }
7762
7763 if ((wdev->netdev &&
7764 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) ||
7765 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
7766 NL80211_ATTR_PAD) ||
7767 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
7768 nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
7769 goto nla_put_failure;
7770
7771 sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
7772 if (!sinfoattr)
7773 goto nla_put_failure;
7774
7775 #define PUT_SINFO(attr, memb, type) do { \
7776 BUILD_BUG_ON(sizeof(type) == sizeof(u64)); \
7777 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
7778 nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr, \
7779 sinfo->memb)) \
7780 goto nla_put_failure; \
7781 } while (0)
7782 #define PUT_SINFO_U64(attr, memb) do { \
7783 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) && \
7784 nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr, \
7785 sinfo->memb, NL80211_STA_INFO_PAD)) \
7786 goto nla_put_failure; \
7787 } while (0)
7788
7789 PUT_SINFO(CONNECTED_TIME, connected_time, u32);
7790 PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
7791 PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at);
7792
7793 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
7794 BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
7795 nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
7796 (u32)sinfo->rx_bytes))
7797 goto nla_put_failure;
7798
7799 if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
7800 BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
7801 nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
7802 (u32)sinfo->tx_bytes))
7803 goto nla_put_failure;
7804
7805 PUT_SINFO_U64(RX_BYTES64, rx_bytes);
7806 PUT_SINFO_U64(TX_BYTES64, tx_bytes);
7807 PUT_SINFO_U64(RX_DURATION, rx_duration);
7808 PUT_SINFO_U64(TX_DURATION, tx_duration);
7809
7810 if (wiphy_ext_feature_isset(&rdev->wiphy,
7811 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
7812 PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
7813
7814 switch (rdev->wiphy.signal_type) {
7815 case CFG80211_SIGNAL_TYPE_MBM:
7816 PUT_SINFO(SIGNAL, signal, u8);
7817 PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
7818 break;
7819 default:
7820 break;
7821 }
7822 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
7823 if (!nl80211_put_signal(msg, sinfo->chains,
7824 sinfo->chain_signal,
7825 NL80211_STA_INFO_CHAIN_SIGNAL))
7826 goto nla_put_failure;
7827 }
7828 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
7829 if (!nl80211_put_signal(msg, sinfo->chains,
7830 sinfo->chain_signal_avg,
7831 NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
7832 goto nla_put_failure;
7833 }
7834 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
7835 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
7836 NL80211_STA_INFO_TX_BITRATE))
7837 goto nla_put_failure;
7838 }
7839 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
7840 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
7841 NL80211_STA_INFO_RX_BITRATE))
7842 goto nla_put_failure;
7843 }
7844
7845 PUT_SINFO(RX_PACKETS, rx_packets, u32);
7846 PUT_SINFO(TX_PACKETS, tx_packets, u32);
7847 PUT_SINFO(TX_RETRIES, tx_retries, u32);
7848 PUT_SINFO(TX_FAILED, tx_failed, u32);
7849 PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
7850 PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
7851
7852 PUT_SINFO(LLID, llid, u16);
7853 PUT_SINFO(PLID, plid, u16);
7854 PUT_SINFO(PLINK_STATE, plink_state, u8);
7855 PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
7856 PUT_SINFO(LOCAL_PM, local_pm, u32);
7857 PUT_SINFO(PEER_PM, peer_pm, u32);
7858 PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
7859 PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
7860 PUT_SINFO(CONNECTED_TO_AS, connected_to_as, u8);
7861 PUT_SINFO_U64(T_OFFSET, t_offset);
7862
7863 if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
7864 bss_param = nla_nest_start_noflag(msg,
7865 NL80211_STA_INFO_BSS_PARAM);
7866 if (!bss_param)
7867 goto nla_put_failure;
7868
7869 if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
7870 nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
7871 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
7872 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
7873 ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
7874 nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
7875 nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
7876 sinfo->bss_param.dtim_period) ||
7877 nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
7878 sinfo->bss_param.beacon_interval))
7879 goto nla_put_failure;
7880
7881 nla_nest_end(msg, bss_param);
7882 }
7883 if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
7884 nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
7885 sizeof(struct nl80211_sta_flag_update),
7886 &sinfo->sta_flags))
7887 goto nla_put_failure;
7888
7889 PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
7890 PUT_SINFO_U64(BEACON_RX, rx_beacon);
7891 PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
7892 PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
7893 PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
7894 if (wiphy_ext_feature_isset(&rdev->wiphy,
7895 NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
7896 PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
7897 PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
7898 }
7899
7900 #undef PUT_SINFO
7901 #undef PUT_SINFO_U64
7902
7903 if (sinfo->pertid) {
7904 struct nlattr *tidsattr;
7905 int tid;
7906
7907 tidsattr = nla_nest_start_noflag(msg,
7908 NL80211_STA_INFO_TID_STATS);
7909 if (!tidsattr)
7910 goto nla_put_failure;
7911
7912 for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
7913 struct cfg80211_tid_stats *tidstats;
7914 struct nlattr *tidattr;
7915
7916 tidstats = &sinfo->pertid[tid];
7917
7918 if (!tidstats->filled)
7919 continue;
7920
7921 tidattr = nla_nest_start_noflag(msg, tid + 1);
7922 if (!tidattr)
7923 goto nla_put_failure;
7924
7925 #define PUT_TIDVAL_U64(attr, memb) do { \
7926 if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) && \
7927 nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr, \
7928 tidstats->memb, NL80211_TID_STATS_PAD)) \
7929 goto nla_put_failure; \
7930 } while (0)
7931
7932 PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
7933 PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
7934 PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
7935 PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
7936
7937 #undef PUT_TIDVAL_U64
7938 if ((tidstats->filled &
7939 BIT(NL80211_TID_STATS_TXQ_STATS)) &&
7940 !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
7941 NL80211_TID_STATS_TXQ_STATS))
7942 goto nla_put_failure;
7943
7944 nla_nest_end(msg, tidattr);
7945 }
7946
7947 nla_nest_end(msg, tidsattr);
7948 }
7949
7950 nla_nest_end(msg, sinfoattr);
7951
7952 if (sinfo->assoc_req_ies_len &&
7953 nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
7954 sinfo->assoc_req_ies))
7955 goto nla_put_failure;
7956
7957 if (sinfo->assoc_resp_ies_len &&
7958 nla_put(msg, NL80211_ATTR_RESP_IE, sinfo->assoc_resp_ies_len,
7959 sinfo->assoc_resp_ies))
7960 goto nla_put_failure;
7961
7962 if (sinfo->mlo_params_valid) {
7963 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
7964 sinfo->assoc_link_id))
7965 goto nla_put_failure;
7966
7967 if (!is_zero_ether_addr(sinfo->mld_addr) &&
7968 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN,
7969 sinfo->mld_addr))
7970 goto nla_put_failure;
7971 }
7972
7973 if (link_stats && sinfo->valid_links) {
7974 links = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
7975 if (!links)
7976 goto nla_put_failure;
7977
7978 for_each_valid_link(sinfo, link_id) {
7979 link_sinfo = sinfo->links[link_id];
7980
7981 if (WARN_ON_ONCE(!link_sinfo))
7982 continue;
7983
7984 if (!is_valid_ether_addr(link_sinfo->addr))
7985 continue;
7986
7987 link = nla_nest_start(msg, link_id + 1);
7988 if (!link)
7989 goto nla_put_failure;
7990
7991 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
7992 link_id))
7993 goto nla_put_failure;
7994
7995 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
7996 link_sinfo->addr))
7997 goto nla_put_failure;
7998
7999 if (nl80211_fill_link_station(msg, rdev, link_sinfo))
8000 goto nla_put_failure;
8001
8002 nla_nest_end(msg, link);
8003 }
8004 nla_nest_end(msg, links);
8005 }
8006
8007 cfg80211_sinfo_release_content(sinfo);
8008 genlmsg_end(msg, hdr);
8009 return 0;
8010
8011 nla_put_failure:
8012 cfg80211_sinfo_release_content(sinfo);
8013 genlmsg_cancel(msg, hdr);
8014 return -EMSGSIZE;
8015 }
8016
cfg80211_sta_set_mld_sinfo(struct station_info * sinfo)8017 static void cfg80211_sta_set_mld_sinfo(struct station_info *sinfo)
8018 {
8019 struct link_station_info *link_sinfo;
8020 int link_id, init = 0;
8021 u32 link_inactive_time;
8022
8023 sinfo->signal = -99;
8024
8025 for_each_valid_link(sinfo, link_id) {
8026 link_sinfo = sinfo->links[link_id];
8027 if (!link_sinfo)
8028 continue;
8029
8030 if ((link_sinfo->filled &
8031 BIT_ULL(NL80211_STA_INFO_TX_PACKETS))) {
8032 sinfo->tx_packets += link_sinfo->tx_packets;
8033 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_PACKETS);
8034 }
8035
8036 if ((link_sinfo->filled &
8037 BIT_ULL(NL80211_STA_INFO_RX_PACKETS))) {
8038 sinfo->rx_packets += link_sinfo->rx_packets;
8039 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_PACKETS);
8040 }
8041
8042 if (link_sinfo->filled &
8043 (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
8044 BIT_ULL(NL80211_STA_INFO_TX_BYTES64))) {
8045 sinfo->tx_bytes += link_sinfo->tx_bytes;
8046 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BYTES);
8047 }
8048
8049 if (link_sinfo->filled &
8050 (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
8051 BIT_ULL(NL80211_STA_INFO_TX_BYTES64))) {
8052 sinfo->rx_bytes += link_sinfo->rx_bytes;
8053 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BYTES);
8054 }
8055
8056 if (link_sinfo->filled &
8057 BIT_ULL(NL80211_STA_INFO_TX_RETRIES)) {
8058 sinfo->tx_retries += link_sinfo->tx_retries;
8059 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_RETRIES);
8060 }
8061
8062 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_FAILED)) {
8063 sinfo->tx_failed += link_sinfo->tx_failed;
8064 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
8065 }
8066
8067 if (link_sinfo->filled &
8068 BIT_ULL(NL80211_STA_INFO_RX_DROP_MISC)) {
8069 sinfo->rx_dropped_misc += link_sinfo->rx_dropped_misc;
8070 sinfo->filled |=
8071 BIT_ULL(NL80211_STA_INFO_RX_DROP_MISC);
8072 }
8073
8074 if (link_sinfo->filled &
8075 BIT_ULL(NL80211_STA_INFO_BEACON_LOSS)) {
8076 sinfo->beacon_loss_count +=
8077 link_sinfo->beacon_loss_count;
8078 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_BEACON_LOSS);
8079 }
8080
8081 if (link_sinfo->filled &
8082 BIT_ULL(NL80211_STA_INFO_EXPECTED_THROUGHPUT)) {
8083 sinfo->expected_throughput +=
8084 link_sinfo->expected_throughput;
8085 sinfo->filled |=
8086 BIT_ULL(NL80211_STA_INFO_EXPECTED_THROUGHPUT);
8087 }
8088
8089 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_MPDUS)) {
8090 sinfo->rx_mpdu_count += link_sinfo->rx_mpdu_count;
8091 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_MPDUS);
8092 }
8093
8094 if (link_sinfo->filled &
8095 BIT_ULL(NL80211_STA_INFO_FCS_ERROR_COUNT)) {
8096 sinfo->fcs_err_count += link_sinfo->fcs_err_count;
8097 sinfo->filled |=
8098 BIT_ULL(NL80211_STA_INFO_FCS_ERROR_COUNT);
8099 }
8100
8101 if (link_sinfo->filled &
8102 BIT_ULL(NL80211_STA_INFO_BEACON_RX)) {
8103 sinfo->rx_beacon += link_sinfo->rx_beacon;
8104 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_BEACON_RX);
8105 }
8106
8107 /* Update MLO signal, signal_avg as best among links */
8108 if ((link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_SIGNAL)) &&
8109 link_sinfo->signal > sinfo->signal) {
8110 sinfo->signal = link_sinfo->signal;
8111 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL);
8112 }
8113
8114 if ((link_sinfo->filled &
8115 BIT_ULL(NL80211_STA_INFO_SIGNAL_AVG)) &&
8116 link_sinfo->signal_avg > sinfo->signal_avg) {
8117 sinfo->signal_avg = link_sinfo->signal_avg;
8118 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL_AVG);
8119 }
8120
8121 /* Update MLO inactive_time, bss_param based on least
8122 * value for corresponding field of link.
8123 */
8124 if ((link_sinfo->filled &
8125 BIT_ULL(NL80211_STA_INFO_INACTIVE_TIME)) &&
8126 (!init ||
8127 link_inactive_time > link_sinfo->inactive_time)) {
8128 link_inactive_time = link_sinfo->inactive_time;
8129 sinfo->inactive_time = link_sinfo->inactive_time;
8130 sinfo->filled |= NL80211_STA_INFO_INACTIVE_TIME;
8131 }
8132
8133 if (link_sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM) &&
8134 (!init ||
8135 sinfo->bss_param.dtim_period >
8136 link_sinfo->bss_param.dtim_period)) {
8137 sinfo->bss_param.dtim_period =
8138 link_sinfo->bss_param.dtim_period;
8139 sinfo->filled |= NL80211_STA_BSS_PARAM_DTIM_PERIOD;
8140 sinfo->bss_param.beacon_interval =
8141 link_sinfo->bss_param.beacon_interval;
8142 sinfo->filled |= NL80211_STA_BSS_PARAM_BEACON_INTERVAL;
8143 }
8144
8145 /* Update MLO rates as per last updated link rate */
8146 if ((link_sinfo->filled &
8147 BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) &&
8148 (!init ||
8149 link_inactive_time > link_sinfo->inactive_time)) {
8150 sinfo->txrate = link_sinfo->txrate;
8151 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
8152 }
8153 if ((link_sinfo->filled &
8154 BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) &&
8155 (!init ||
8156 link_inactive_time > link_sinfo->inactive_time)) {
8157 sinfo->rxrate = link_sinfo->rxrate;
8158 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
8159 }
8160
8161 if (link_sinfo->filled &
8162 BIT_ULL(NL80211_STA_INFO_TX_DURATION) &&
8163 (!init ||
8164 link_inactive_time > link_sinfo->inactive_time)) {
8165 sinfo->tx_duration += link_sinfo->tx_duration;
8166 sinfo->filled |=
8167 BIT_ULL(NL80211_STA_INFO_TX_DURATION);
8168 }
8169 if (link_sinfo->filled &
8170 BIT_ULL(NL80211_STA_INFO_RX_DURATION) &&
8171 (!init ||
8172 link_inactive_time > link_sinfo->inactive_time)) {
8173 sinfo->rx_duration += link_sinfo->rx_duration;
8174 sinfo->filled |=
8175 BIT_ULL(NL80211_STA_INFO_RX_DURATION);
8176 }
8177 init++;
8178
8179 /* pertid stats accumulate for rx/tx fields */
8180 if (sinfo->pertid) {
8181 sinfo->pertid->rx_msdu +=
8182 link_sinfo->pertid->rx_msdu;
8183 sinfo->pertid->tx_msdu +=
8184 link_sinfo->pertid->tx_msdu;
8185 sinfo->pertid->tx_msdu_retries +=
8186 link_sinfo->pertid->tx_msdu_retries;
8187 sinfo->pertid->tx_msdu_failed +=
8188 link_sinfo->pertid->tx_msdu_failed;
8189
8190 sinfo->pertid->filled |=
8191 BIT(NL80211_TID_STATS_RX_MSDU) |
8192 BIT(NL80211_TID_STATS_TX_MSDU) |
8193 BIT(NL80211_TID_STATS_TX_MSDU_RETRIES) |
8194 BIT(NL80211_TID_STATS_TX_MSDU_FAILED);
8195 }
8196 }
8197
8198 /* Reset sinfo->filled bits to exclude fields which don't make
8199 * much sense at the MLO level.
8200 */
8201 sinfo->filled &= ~BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL);
8202 sinfo->filled &= ~BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG);
8203 }
8204
nl80211_dump_station(struct sk_buff * skb,struct netlink_callback * cb)8205 static int nl80211_dump_station(struct sk_buff *skb,
8206 struct netlink_callback *cb)
8207 {
8208 struct station_info sinfo;
8209 struct cfg80211_registered_device *rdev;
8210 struct wireless_dev *wdev;
8211 u8 mac_addr[ETH_ALEN];
8212 int sta_idx = cb->args[2];
8213 bool sinfo_alloc = false;
8214 int err, i;
8215
8216 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
8217 if (err)
8218 return err;
8219 /* nl80211_prepare_wdev_dump acquired it in the successful case */
8220 __acquire(&rdev->wiphy.mtx);
8221
8222 if (!wdev->netdev && wdev->iftype != NL80211_IFTYPE_NAN) {
8223 err = -EINVAL;
8224 goto out_err;
8225 }
8226
8227 if (!rdev->ops->dump_station) {
8228 err = -EOPNOTSUPP;
8229 goto out_err;
8230 }
8231
8232 while (1) {
8233 memset(&sinfo, 0, sizeof(sinfo));
8234
8235 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) {
8236 sinfo.links[i] =
8237 kzalloc_obj(*sinfo.links[0]);
8238 if (!sinfo.links[i]) {
8239 err = -ENOMEM;
8240 goto out_err;
8241 }
8242 sinfo_alloc = true;
8243 }
8244
8245 err = rdev_dump_station(rdev, wdev, sta_idx,
8246 mac_addr, &sinfo);
8247 if (err == -ENOENT)
8248 break;
8249 if (err)
8250 goto out_err;
8251
8252 if (sinfo.valid_links)
8253 cfg80211_sta_set_mld_sinfo(&sinfo);
8254
8255 /* reset the sinfo_alloc flag as nl80211_send_station()
8256 * always releases sinfo
8257 */
8258 sinfo_alloc = false;
8259
8260 if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
8261 NETLINK_CB(cb->skb).portid,
8262 cb->nlh->nlmsg_seq, NLM_F_MULTI,
8263 rdev, wdev, mac_addr,
8264 &sinfo, false) < 0)
8265 goto out;
8266
8267 sta_idx++;
8268 }
8269
8270 out:
8271 cb->args[2] = sta_idx;
8272 err = skb->len;
8273 out_err:
8274 if (sinfo_alloc)
8275 cfg80211_sinfo_release_content(&sinfo);
8276 wiphy_unlock(&rdev->wiphy);
8277
8278 return err;
8279 }
8280
nl80211_get_station(struct sk_buff * skb,struct genl_info * info)8281 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
8282 {
8283 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8284 struct wireless_dev *wdev = info->user_ptr[1];
8285 struct station_info sinfo;
8286 struct sk_buff *msg;
8287 u8 *mac_addr = NULL;
8288 int err, i;
8289
8290 memset(&sinfo, 0, sizeof(sinfo));
8291
8292 if (!wdev->netdev)
8293 return -EINVAL;
8294
8295 if (!info->attrs[NL80211_ATTR_MAC])
8296 return -EINVAL;
8297
8298 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
8299
8300 if (!rdev->ops->get_station)
8301 return -EOPNOTSUPP;
8302
8303 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) {
8304 sinfo.links[i] = kzalloc_obj(*sinfo.links[0]);
8305 if (!sinfo.links[i]) {
8306 cfg80211_sinfo_release_content(&sinfo);
8307 return -ENOMEM;
8308 }
8309 }
8310
8311 err = rdev_get_station(rdev, wdev, mac_addr, &sinfo);
8312 if (err) {
8313 cfg80211_sinfo_release_content(&sinfo);
8314 return err;
8315 }
8316
8317 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8318 if (!msg) {
8319 cfg80211_sinfo_release_content(&sinfo);
8320 return -ENOMEM;
8321 }
8322
8323 if (sinfo.valid_links)
8324 cfg80211_sta_set_mld_sinfo(&sinfo);
8325
8326 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
8327 info->snd_portid, info->snd_seq, 0,
8328 rdev, wdev, mac_addr, &sinfo, false) < 0) {
8329 nlmsg_free(msg);
8330 return -ENOBUFS;
8331 }
8332
8333 return genlmsg_reply(msg, info);
8334 }
8335
cfg80211_check_station_change(struct wiphy * wiphy,struct station_parameters * params,enum cfg80211_station_type statype)8336 int cfg80211_check_station_change(struct wiphy *wiphy,
8337 struct station_parameters *params,
8338 enum cfg80211_station_type statype)
8339 {
8340 if (params->listen_interval != -1 &&
8341 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
8342 return -EINVAL;
8343
8344 if (params->support_p2p_ps != -1 &&
8345 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
8346 return -EINVAL;
8347
8348 if (params->aid &&
8349 !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
8350 statype != CFG80211_STA_AP_CLIENT_UNASSOC)
8351 return -EINVAL;
8352
8353 /* When you run into this, adjust the code below for the new flag */
8354 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 8);
8355
8356 switch (statype) {
8357 case CFG80211_STA_MESH_PEER_KERNEL:
8358 case CFG80211_STA_MESH_PEER_USER:
8359 /*
8360 * No ignoring the TDLS flag here -- the userspace mesh
8361 * code doesn't have the bug of including TDLS in the
8362 * mask everywhere.
8363 */
8364 if (params->sta_flags_mask &
8365 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
8366 BIT(NL80211_STA_FLAG_MFP) |
8367 BIT(NL80211_STA_FLAG_AUTHORIZED)))
8368 return -EINVAL;
8369 break;
8370 case CFG80211_STA_TDLS_PEER_SETUP:
8371 case CFG80211_STA_TDLS_PEER_ACTIVE:
8372 if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
8373 return -EINVAL;
8374 /* ignore since it can't change */
8375 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
8376 break;
8377 default:
8378 /* disallow mesh-specific things */
8379 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
8380 return -EINVAL;
8381 if (params->local_pm)
8382 return -EINVAL;
8383 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
8384 return -EINVAL;
8385 }
8386
8387 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
8388 statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
8389 /* TDLS can't be set, ... */
8390 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
8391 return -EINVAL;
8392 /*
8393 * ... but don't bother the driver with it. This works around
8394 * a hostapd/wpa_supplicant issue -- it always includes the
8395 * TLDS_PEER flag in the mask even for AP mode.
8396 */
8397 params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
8398 }
8399
8400 if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
8401 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
8402 /* reject other things that can't change */
8403 if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
8404 return -EINVAL;
8405 if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
8406 return -EINVAL;
8407 if (params->link_sta_params.supported_rates)
8408 return -EINVAL;
8409 if (statype != CFG80211_STA_NAN_MGMT &&
8410 (params->link_sta_params.ht_capa ||
8411 params->link_sta_params.vht_capa ||
8412 params->link_sta_params.he_capa))
8413 return -EINVAL;
8414 if (params->ext_capab || params->link_sta_params.eht_capa ||
8415 params->link_sta_params.uhr_capa)
8416 return -EINVAL;
8417 if (params->sta_flags_mask & BIT(NL80211_STA_FLAG_SPP_AMSDU))
8418 return -EINVAL;
8419 }
8420
8421 if (statype != CFG80211_STA_AP_CLIENT &&
8422 statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
8423 if (params->vlan)
8424 return -EINVAL;
8425 }
8426
8427 /* Accept EMLSR capabilities only for AP client before association */
8428 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
8429 params->eml_cap_present)
8430 return -EINVAL;
8431
8432 switch (statype) {
8433 case CFG80211_STA_AP_MLME_CLIENT:
8434 /* Use this only for authorizing/unauthorizing a station */
8435 if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
8436 return -EOPNOTSUPP;
8437 break;
8438 case CFG80211_STA_AP_CLIENT:
8439 case CFG80211_STA_AP_CLIENT_UNASSOC:
8440 /* accept only the listed bits */
8441 if (params->sta_flags_mask &
8442 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
8443 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
8444 BIT(NL80211_STA_FLAG_ASSOCIATED) |
8445 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
8446 BIT(NL80211_STA_FLAG_WME) |
8447 BIT(NL80211_STA_FLAG_MFP) |
8448 BIT(NL80211_STA_FLAG_SPP_AMSDU)))
8449 return -EINVAL;
8450
8451 /* but authenticated/associated only if driver handles it */
8452 if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
8453 params->sta_flags_mask &
8454 (BIT(NL80211_STA_FLAG_AUTHENTICATED) |
8455 BIT(NL80211_STA_FLAG_ASSOCIATED)))
8456 return -EINVAL;
8457 break;
8458 case CFG80211_STA_IBSS:
8459 case CFG80211_STA_AP_STA:
8460 /* reject any changes other than AUTHORIZED */
8461 if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
8462 return -EINVAL;
8463 break;
8464 case CFG80211_STA_TDLS_PEER_SETUP:
8465 /* reject any changes other than AUTHORIZED or WME */
8466 if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
8467 BIT(NL80211_STA_FLAG_WME)))
8468 return -EINVAL;
8469 /* force (at least) rates when authorizing */
8470 if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
8471 !params->link_sta_params.supported_rates)
8472 return -EINVAL;
8473 break;
8474 case CFG80211_STA_TDLS_PEER_ACTIVE:
8475 /* reject any changes */
8476 return -EINVAL;
8477 case CFG80211_STA_MESH_PEER_KERNEL:
8478 if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
8479 return -EINVAL;
8480 break;
8481 case CFG80211_STA_MESH_PEER_USER:
8482 if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
8483 params->plink_action != NL80211_PLINK_ACTION_BLOCK)
8484 return -EINVAL;
8485 break;
8486 case CFG80211_STA_NAN_MGMT:
8487 if (params->sta_flags_mask &
8488 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
8489 BIT(NL80211_STA_FLAG_MFP)))
8490 return -EINVAL;
8491 break;
8492 case CFG80211_STA_NAN_DATA:
8493 if (params->sta_flags_mask &
8494 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
8495 BIT(NL80211_STA_FLAG_MFP) |
8496 BIT(NL80211_STA_FLAG_WME)))
8497 return -EINVAL;
8498 break;
8499 }
8500
8501 /*
8502 * Older kernel versions ignored this attribute entirely, so don't
8503 * reject attempts to update it but mark it as unused instead so the
8504 * driver won't look at the data.
8505 */
8506 if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
8507 statype != CFG80211_STA_TDLS_PEER_SETUP)
8508 params->link_sta_params.opmode_notif_used = false;
8509
8510 return 0;
8511 }
8512 EXPORT_SYMBOL(cfg80211_check_station_change);
8513
8514 /*
8515 * Get vlan interface making sure it is running and on the right wiphy.
8516 */
get_vlan(struct genl_info * info,struct cfg80211_registered_device * rdev)8517 static struct net_device *get_vlan(struct genl_info *info,
8518 struct cfg80211_registered_device *rdev)
8519 {
8520 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
8521 struct net_device *v;
8522 int ret;
8523
8524 if (!vlanattr)
8525 return NULL;
8526
8527 v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
8528 if (!v)
8529 return ERR_PTR(-ENODEV);
8530
8531 if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
8532 ret = -EINVAL;
8533 goto error;
8534 }
8535
8536 if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
8537 v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
8538 v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
8539 ret = -EINVAL;
8540 goto error;
8541 }
8542
8543 if (!netif_running(v)) {
8544 ret = -ENETDOWN;
8545 goto error;
8546 }
8547
8548 return v;
8549 error:
8550 dev_put(v);
8551 return ERR_PTR(ret);
8552 }
8553
nl80211_parse_sta_wme(struct genl_info * info,struct station_parameters * params)8554 static int nl80211_parse_sta_wme(struct genl_info *info,
8555 struct station_parameters *params)
8556 {
8557 struct nlattr *tb[NL80211_STA_WME_MAX + 1];
8558 struct nlattr *nla;
8559 int err;
8560
8561 /* parse WME attributes if present */
8562 if (!info->attrs[NL80211_ATTR_STA_WME])
8563 return 0;
8564
8565 nla = info->attrs[NL80211_ATTR_STA_WME];
8566 err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
8567 nl80211_sta_wme_policy,
8568 info->extack);
8569 if (err)
8570 return err;
8571
8572 if (tb[NL80211_STA_WME_UAPSD_QUEUES])
8573 params->uapsd_queues = nla_get_u8(
8574 tb[NL80211_STA_WME_UAPSD_QUEUES]);
8575 if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
8576 return -EINVAL;
8577
8578 if (tb[NL80211_STA_WME_MAX_SP])
8579 params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
8580
8581 if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
8582 return -EINVAL;
8583
8584 params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
8585
8586 return 0;
8587 }
8588
nl80211_parse_sta_channel_info(struct genl_info * info,struct station_parameters * params)8589 static int nl80211_parse_sta_channel_info(struct genl_info *info,
8590 struct station_parameters *params)
8591 {
8592 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
8593 params->supported_channels =
8594 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
8595 params->supported_channels_len =
8596 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
8597 /*
8598 * Need to include at least one (first channel, number of
8599 * channels) tuple for each subband (checked in policy),
8600 * and must have proper tuples for the rest of the data as well.
8601 */
8602 if (params->supported_channels_len % 2)
8603 return -EINVAL;
8604 }
8605
8606 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
8607 params->supported_oper_classes =
8608 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
8609 params->supported_oper_classes_len =
8610 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
8611 }
8612 return 0;
8613 }
8614
nl80211_set_station_tdls(struct genl_info * info,struct station_parameters * params)8615 static int nl80211_set_station_tdls(struct genl_info *info,
8616 struct station_parameters *params)
8617 {
8618 int err;
8619 /* Dummy STA entry gets updated once the peer capabilities are known */
8620 if (info->attrs[NL80211_ATTR_PEER_AID])
8621 params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
8622 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
8623 params->link_sta_params.ht_capa =
8624 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
8625 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
8626 params->link_sta_params.vht_capa =
8627 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
8628 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
8629 params->link_sta_params.he_capa =
8630 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
8631 params->link_sta_params.he_capa_len =
8632 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
8633
8634 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
8635 params->link_sta_params.eht_capa =
8636 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
8637 params->link_sta_params.eht_capa_len =
8638 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
8639
8640 if (!ieee80211_eht_capa_size_ok((const u8 *)params->link_sta_params.he_capa,
8641 (const u8 *)params->link_sta_params.eht_capa,
8642 params->link_sta_params.eht_capa_len,
8643 false))
8644 return -EINVAL;
8645 }
8646 }
8647
8648 if (info->attrs[NL80211_ATTR_UHR_CAPABILITY]) {
8649 if (!params->link_sta_params.eht_capa)
8650 return -EINVAL;
8651
8652 params->link_sta_params.uhr_capa =
8653 nla_data(info->attrs[NL80211_ATTR_UHR_CAPABILITY]);
8654 params->link_sta_params.uhr_capa_len =
8655 nla_len(info->attrs[NL80211_ATTR_UHR_CAPABILITY]);
8656 }
8657
8658 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY])
8659 params->link_sta_params.s1g_capa =
8660 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]);
8661
8662 err = nl80211_parse_sta_channel_info(info, params);
8663 if (err)
8664 return err;
8665
8666 return nl80211_parse_sta_wme(info, params);
8667 }
8668
nl80211_parse_sta_txpower_setting(struct genl_info * info,struct sta_txpwr * txpwr,bool * txpwr_set)8669 static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
8670 struct sta_txpwr *txpwr,
8671 bool *txpwr_set)
8672 {
8673 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8674 int idx;
8675
8676 if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
8677 if (!rdev->ops->set_tx_power ||
8678 !wiphy_ext_feature_isset(&rdev->wiphy,
8679 NL80211_EXT_FEATURE_STA_TX_PWR))
8680 return -EOPNOTSUPP;
8681
8682 idx = NL80211_ATTR_STA_TX_POWER_SETTING;
8683 txpwr->type = nla_get_u8(info->attrs[idx]);
8684
8685 if (txpwr->type == NL80211_TX_POWER_LIMITED) {
8686 idx = NL80211_ATTR_STA_TX_POWER;
8687
8688 if (info->attrs[idx])
8689 txpwr->power = nla_get_s16(info->attrs[idx]);
8690 else
8691 return -EINVAL;
8692 }
8693
8694 *txpwr_set = true;
8695 } else {
8696 *txpwr_set = false;
8697 }
8698
8699 return 0;
8700 }
8701
nl80211_set_station(struct sk_buff * skb,struct genl_info * info)8702 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
8703 {
8704 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8705 struct wireless_dev *wdev = info->user_ptr[1];
8706 struct net_device *dev = wdev->netdev;
8707 struct station_parameters params;
8708 u8 *mac_addr;
8709 int err;
8710
8711 memset(¶ms, 0, sizeof(params));
8712
8713 if (!dev && wdev->iftype != NL80211_IFTYPE_NAN &&
8714 wdev->iftype != NL80211_IFTYPE_NAN_DATA)
8715 return -EINVAL;
8716
8717 if (!rdev->ops->change_station)
8718 return -EOPNOTSUPP;
8719
8720 /*
8721 * AID and listen_interval properties can be set only for unassociated
8722 * station. Include these parameters here and will check them in
8723 * cfg80211_check_station_change().
8724 */
8725 if (info->attrs[NL80211_ATTR_STA_AID])
8726 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
8727
8728 if (info->attrs[NL80211_ATTR_VLAN_ID])
8729 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
8730
8731 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
8732 params.listen_interval =
8733 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
8734 else
8735 params.listen_interval = -1;
8736
8737 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
8738 params.support_p2p_ps =
8739 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
8740 else
8741 params.support_p2p_ps = -1;
8742
8743 if (!info->attrs[NL80211_ATTR_MAC])
8744 return -EINVAL;
8745
8746 params.link_sta_params.link_id =
8747 nl80211_link_id_or_invalid(info->attrs);
8748
8749 if (info->attrs[NL80211_ATTR_MLD_ADDR]) {
8750 /* If MLD_ADDR attribute is set then this is an MLD station
8751 * and the MLD_ADDR attribute holds the MLD address and the
8752 * MAC attribute holds for the LINK address.
8753 * In that case, the link_id is also expected to be valid.
8754 */
8755 if (params.link_sta_params.link_id < 0)
8756 return -EINVAL;
8757
8758 mac_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
8759 params.link_sta_params.mld_mac = mac_addr;
8760 params.link_sta_params.link_mac =
8761 nla_data(info->attrs[NL80211_ATTR_MAC]);
8762 if (!is_valid_ether_addr(params.link_sta_params.link_mac))
8763 return -EINVAL;
8764 } else {
8765 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
8766 }
8767
8768
8769 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
8770 params.link_sta_params.supported_rates =
8771 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
8772 params.link_sta_params.supported_rates_len =
8773 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
8774 }
8775
8776 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
8777 params.capability =
8778 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
8779 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
8780 }
8781
8782 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
8783 params.ext_capab =
8784 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
8785 params.ext_capab_len =
8786 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
8787 }
8788
8789 if (parse_station_flags(info, wdev->iftype, ¶ms))
8790 return -EINVAL;
8791
8792 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
8793 params.plink_action =
8794 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
8795
8796 if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
8797 params.plink_state =
8798 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
8799 if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
8800 params.peer_aid = nla_get_u16(
8801 info->attrs[NL80211_ATTR_MESH_PEER_AID]);
8802 params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
8803 }
8804
8805 if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
8806 params.local_pm = nla_get_u32(
8807 info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
8808
8809 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
8810 params.link_sta_params.opmode_notif_used = true;
8811 params.link_sta_params.opmode_notif =
8812 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
8813 }
8814
8815 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
8816 params.link_sta_params.he_6ghz_capa =
8817 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
8818
8819 if (info->attrs[NL80211_ATTR_EML_CAPABILITY]) {
8820 params.eml_cap_present = true;
8821 params.eml_cap =
8822 nla_get_u16(info->attrs[NL80211_ATTR_EML_CAPABILITY]);
8823 }
8824
8825 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
8826 params.airtime_weight =
8827 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
8828
8829 if (params.airtime_weight &&
8830 !wiphy_ext_feature_isset(&rdev->wiphy,
8831 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
8832 return -EOPNOTSUPP;
8833
8834 err = nl80211_parse_sta_txpower_setting(info,
8835 ¶ms.link_sta_params.txpwr,
8836 ¶ms.link_sta_params.txpwr_set);
8837 if (err)
8838 return err;
8839
8840 /* Include parameters for TDLS peer (will check later) */
8841 err = nl80211_set_station_tdls(info, ¶ms);
8842 if (err)
8843 return err;
8844
8845 params.vlan = get_vlan(info, rdev);
8846 if (IS_ERR(params.vlan))
8847 return PTR_ERR(params.vlan);
8848
8849 switch (wdev->iftype) {
8850 case NL80211_IFTYPE_AP:
8851 case NL80211_IFTYPE_AP_VLAN:
8852 case NL80211_IFTYPE_P2P_GO:
8853 case NL80211_IFTYPE_P2P_CLIENT:
8854 case NL80211_IFTYPE_STATION:
8855 case NL80211_IFTYPE_ADHOC:
8856 case NL80211_IFTYPE_MESH_POINT:
8857 case NL80211_IFTYPE_NAN:
8858 case NL80211_IFTYPE_NAN_DATA:
8859 break;
8860 default:
8861 err = -EOPNOTSUPP;
8862 goto out_put_vlan;
8863 }
8864
8865 /* driver will call cfg80211_check_station_change() */
8866 err = rdev_change_station(rdev, wdev, mac_addr, ¶ms);
8867
8868 out_put_vlan:
8869 dev_put(params.vlan);
8870
8871 return err;
8872 }
8873
nl80211_new_station(struct sk_buff * skb,struct genl_info * info)8874 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
8875 {
8876 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8877 int err;
8878 struct wireless_dev *wdev = info->user_ptr[1];
8879 struct net_device *dev = wdev->netdev;
8880 struct station_parameters params;
8881 u8 *mac_addr = NULL;
8882 u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
8883 BIT(NL80211_STA_FLAG_ASSOCIATED);
8884
8885 memset(¶ms, 0, sizeof(params));
8886
8887 if (!dev && wdev->iftype != NL80211_IFTYPE_NAN)
8888 return -EINVAL;
8889
8890 if (!rdev->ops->add_station)
8891 return -EOPNOTSUPP;
8892
8893 if (!info->attrs[NL80211_ATTR_MAC])
8894 return -EINVAL;
8895
8896 if (wdev->iftype == NL80211_IFTYPE_NAN ||
8897 wdev->iftype == NL80211_IFTYPE_NAN_DATA) {
8898 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
8899 return -EINVAL;
8900 if (wdev->iftype == NL80211_IFTYPE_NAN_DATA) {
8901 if (!info->attrs[NL80211_ATTR_NAN_NMI_MAC])
8902 return -EINVAL;
8903
8904 /* Only NMI stations receive the HT/VHT/HE capabilities */
8905 if (info->attrs[NL80211_ATTR_HT_CAPABILITY] ||
8906 info->attrs[NL80211_ATTR_VHT_CAPABILITY] ||
8907 info->attrs[NL80211_ATTR_HE_CAPABILITY])
8908 return -EINVAL;
8909 }
8910 } else {
8911 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
8912 return -EINVAL;
8913
8914 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
8915 return -EINVAL;
8916
8917 if (!info->attrs[NL80211_ATTR_STA_AID] &&
8918 !info->attrs[NL80211_ATTR_PEER_AID])
8919 return -EINVAL;
8920 }
8921
8922 params.link_sta_params.link_id =
8923 nl80211_link_id_or_invalid(info->attrs);
8924
8925 if (info->attrs[NL80211_ATTR_MLD_ADDR]) {
8926 mac_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
8927 params.link_sta_params.mld_mac = mac_addr;
8928 params.link_sta_params.link_mac =
8929 nla_data(info->attrs[NL80211_ATTR_MAC]);
8930 if (!is_valid_ether_addr(params.link_sta_params.link_mac))
8931 return -EINVAL;
8932 } else {
8933 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
8934 }
8935
8936 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
8937 params.link_sta_params.supported_rates =
8938 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
8939 params.link_sta_params.supported_rates_len =
8940 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
8941 }
8942
8943 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
8944 params.listen_interval =
8945 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
8946
8947 if (info->attrs[NL80211_ATTR_VLAN_ID])
8948 params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
8949
8950 if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
8951 params.support_p2p_ps =
8952 nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
8953 } else {
8954 /*
8955 * if not specified, assume it's supported for P2P GO interface,
8956 * and is NOT supported for AP interface
8957 */
8958 params.support_p2p_ps =
8959 wdev->iftype == NL80211_IFTYPE_P2P_GO;
8960 }
8961
8962 if (info->attrs[NL80211_ATTR_PEER_AID])
8963 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
8964 else if (info->attrs[NL80211_ATTR_STA_AID])
8965 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
8966
8967 if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
8968 params.capability =
8969 nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
8970 params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
8971 }
8972
8973 if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
8974 params.ext_capab =
8975 nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
8976 params.ext_capab_len =
8977 nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
8978 }
8979
8980 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
8981 params.link_sta_params.ht_capa =
8982 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
8983
8984 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
8985 params.link_sta_params.vht_capa =
8986 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
8987
8988 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
8989 params.link_sta_params.he_capa =
8990 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
8991 params.link_sta_params.he_capa_len =
8992 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
8993
8994 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
8995 params.link_sta_params.eht_capa =
8996 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
8997 params.link_sta_params.eht_capa_len =
8998 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
8999
9000 if (!ieee80211_eht_capa_size_ok((const u8 *)params.link_sta_params.he_capa,
9001 (const u8 *)params.link_sta_params.eht_capa,
9002 params.link_sta_params.eht_capa_len,
9003 false))
9004 return -EINVAL;
9005 }
9006 }
9007
9008 if (info->attrs[NL80211_ATTR_UHR_CAPABILITY]) {
9009 if (!params.link_sta_params.eht_capa)
9010 return -EINVAL;
9011
9012 params.link_sta_params.uhr_capa =
9013 nla_data(info->attrs[NL80211_ATTR_UHR_CAPABILITY]);
9014 params.link_sta_params.uhr_capa_len =
9015 nla_len(info->attrs[NL80211_ATTR_UHR_CAPABILITY]);
9016 }
9017
9018 if (info->attrs[NL80211_ATTR_EML_CAPABILITY]) {
9019 params.eml_cap_present = true;
9020 params.eml_cap =
9021 nla_get_u16(info->attrs[NL80211_ATTR_EML_CAPABILITY]);
9022 }
9023
9024 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
9025 params.link_sta_params.he_6ghz_capa =
9026 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
9027
9028 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY])
9029 params.link_sta_params.s1g_capa =
9030 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]);
9031
9032 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
9033 params.link_sta_params.opmode_notif_used = true;
9034 params.link_sta_params.opmode_notif =
9035 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
9036 }
9037
9038 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
9039 params.plink_action =
9040 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
9041
9042 if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
9043 params.airtime_weight =
9044 nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
9045
9046 if (params.airtime_weight &&
9047 !wiphy_ext_feature_isset(&rdev->wiphy,
9048 NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
9049 return -EOPNOTSUPP;
9050
9051 err = nl80211_parse_sta_txpower_setting(info,
9052 ¶ms.link_sta_params.txpwr,
9053 ¶ms.link_sta_params.txpwr_set);
9054 if (err)
9055 return err;
9056
9057 err = nl80211_parse_sta_channel_info(info, ¶ms);
9058 if (err)
9059 return err;
9060
9061 err = nl80211_parse_sta_wme(info, ¶ms);
9062 if (err)
9063 return err;
9064
9065 if (parse_station_flags(info, wdev->iftype, ¶ms))
9066 return -EINVAL;
9067
9068 /* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
9069 * as userspace might just pass through the capabilities from the IEs
9070 * directly, rather than enforcing this restriction and returning an
9071 * error in this case.
9072 */
9073 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
9074 params.link_sta_params.ht_capa = NULL;
9075 params.link_sta_params.vht_capa = NULL;
9076
9077 /* HE, EHT and UHR require WME */
9078 if (params.link_sta_params.he_capa_len ||
9079 params.link_sta_params.he_6ghz_capa ||
9080 params.link_sta_params.eht_capa_len ||
9081 params.link_sta_params.uhr_capa_len)
9082 return -EINVAL;
9083 }
9084
9085 if (wdev->iftype == NL80211_IFTYPE_NAN ||
9086 wdev->iftype == NL80211_IFTYPE_NAN_DATA) {
9087 if (params.sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
9088 return -EINVAL;
9089 /* NAN NMI station must be added in associated or authorized state */
9090 if (!(params.sta_flags_set & (BIT(NL80211_STA_FLAG_ASSOCIATED) |
9091 BIT(NL80211_STA_FLAG_AUTHENTICATED))))
9092 return -EINVAL;
9093 }
9094
9095 /* Ensure that HT/VHT capabilities are not set for 6 GHz HE STA */
9096 if (params.link_sta_params.he_6ghz_capa &&
9097 (params.link_sta_params.ht_capa || params.link_sta_params.vht_capa))
9098 return -EINVAL;
9099
9100 /* When you run into this, adjust the code below for the new flag */
9101 BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 8);
9102
9103 switch (wdev->iftype) {
9104 case NL80211_IFTYPE_AP:
9105 case NL80211_IFTYPE_AP_VLAN:
9106 case NL80211_IFTYPE_P2P_GO:
9107 /* ignore WME attributes if iface/sta is not capable */
9108 if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
9109 !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
9110 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
9111
9112 /* TDLS peers cannot be added */
9113 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
9114 info->attrs[NL80211_ATTR_PEER_AID])
9115 return -EINVAL;
9116 /* but don't bother the driver with it */
9117 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
9118
9119 /* allow authenticated/associated only if driver handles it */
9120 if (!(rdev->wiphy.features &
9121 NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
9122 params.sta_flags_mask & auth_assoc)
9123 return -EINVAL;
9124
9125 if (!wiphy_ext_feature_isset(&rdev->wiphy,
9126 NL80211_EXT_FEATURE_SPP_AMSDU_SUPPORT) &&
9127 params.sta_flags_mask & BIT(NL80211_STA_FLAG_SPP_AMSDU))
9128 return -EINVAL;
9129
9130 /* Older userspace, or userspace wanting to be compatible with
9131 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
9132 * and assoc flags in the mask, but assumes the station will be
9133 * added as associated anyway since this was the required driver
9134 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
9135 * introduced.
9136 * In order to not bother drivers with this quirk in the API
9137 * set the flags in both the mask and set for new stations in
9138 * this case.
9139 */
9140 if (!(params.sta_flags_mask & auth_assoc)) {
9141 params.sta_flags_mask |= auth_assoc;
9142 params.sta_flags_set |= auth_assoc;
9143 }
9144
9145 /* must be last in here for error handling */
9146 params.vlan = get_vlan(info, rdev);
9147 if (IS_ERR(params.vlan))
9148 return PTR_ERR(params.vlan);
9149 break;
9150 case NL80211_IFTYPE_MESH_POINT:
9151 /* ignore uAPSD data */
9152 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
9153
9154 /* associated is disallowed */
9155 if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
9156 return -EINVAL;
9157 /* TDLS peers cannot be added */
9158 if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
9159 info->attrs[NL80211_ATTR_PEER_AID])
9160 return -EINVAL;
9161 break;
9162 case NL80211_IFTYPE_STATION:
9163 case NL80211_IFTYPE_P2P_CLIENT:
9164 /* ignore uAPSD data */
9165 params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
9166
9167 /* these are disallowed */
9168 if (params.sta_flags_mask &
9169 (BIT(NL80211_STA_FLAG_ASSOCIATED) |
9170 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
9171 return -EINVAL;
9172 /* Only TDLS peers can be added */
9173 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
9174 return -EINVAL;
9175 /* Can only add if TDLS ... */
9176 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
9177 return -EOPNOTSUPP;
9178 /* ... with external setup is supported */
9179 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
9180 return -EOPNOTSUPP;
9181 /*
9182 * Older wpa_supplicant versions always mark the TDLS peer
9183 * as authorized, but it shouldn't yet be.
9184 */
9185 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
9186 break;
9187 case NL80211_IFTYPE_NAN:
9188 break;
9189 case NL80211_IFTYPE_NAN_DATA:
9190 params.nmi_mac = nla_data(info->attrs[NL80211_ATTR_NAN_NMI_MAC]);
9191 break;
9192 default:
9193 return -EOPNOTSUPP;
9194 }
9195
9196 /* be aware of params.vlan when changing code here */
9197
9198 if (wdev->valid_links) {
9199 if (params.link_sta_params.link_id < 0) {
9200 err = -EINVAL;
9201 goto out;
9202 }
9203 if (!(wdev->valid_links & BIT(params.link_sta_params.link_id))) {
9204 err = -ENOLINK;
9205 goto out;
9206 }
9207 } else {
9208 if (params.link_sta_params.link_id >= 0) {
9209 err = -EINVAL;
9210 goto out;
9211 }
9212 }
9213
9214 params.epp_peer =
9215 nla_get_flag(info->attrs[NL80211_ATTR_EPP_PEER]);
9216
9217 err = rdev_add_station(rdev, wdev, mac_addr, ¶ms);
9218 out:
9219 dev_put(params.vlan);
9220 return err;
9221 }
9222
nl80211_del_station(struct sk_buff * skb,struct genl_info * info)9223 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
9224 {
9225 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9226 struct wireless_dev *wdev = info->user_ptr[1];
9227 struct net_device *dev = wdev->netdev;
9228 struct station_del_parameters params;
9229 int link_id = nl80211_link_id_or_invalid(info->attrs);
9230
9231 memset(¶ms, 0, sizeof(params));
9232
9233 if (!dev && wdev->iftype != NL80211_IFTYPE_NAN)
9234 return -EINVAL;
9235
9236 if (info->attrs[NL80211_ATTR_MAC])
9237 params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
9238
9239 switch (wdev->iftype) {
9240 case NL80211_IFTYPE_AP:
9241 case NL80211_IFTYPE_AP_VLAN:
9242 case NL80211_IFTYPE_MESH_POINT:
9243 case NL80211_IFTYPE_P2P_GO:
9244 case NL80211_IFTYPE_NAN:
9245 case NL80211_IFTYPE_NAN_DATA:
9246 /* always accept these */
9247 break;
9248 case NL80211_IFTYPE_ADHOC:
9249 /* conditionally accept */
9250 if (wiphy_ext_feature_isset(&rdev->wiphy,
9251 NL80211_EXT_FEATURE_DEL_IBSS_STA))
9252 break;
9253 return -EINVAL;
9254 default:
9255 return -EINVAL;
9256 }
9257
9258 if (!rdev->ops->del_station)
9259 return -EOPNOTSUPP;
9260
9261 if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
9262 params.subtype =
9263 nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
9264 if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
9265 params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
9266 return -EINVAL;
9267 } else {
9268 /* Default to Deauthentication frame */
9269 params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
9270 }
9271
9272 if (info->attrs[NL80211_ATTR_REASON_CODE]) {
9273 params.reason_code =
9274 nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9275 if (params.reason_code == 0)
9276 return -EINVAL; /* 0 is reserved */
9277 } else {
9278 /* Default to reason code 2 */
9279 params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
9280 }
9281
9282 /* Link ID not expected in case of non-ML operation */
9283 if (!wdev->valid_links && link_id != -1)
9284 return -EINVAL;
9285
9286 /* If given, a valid link ID should be passed during MLO */
9287 if (wdev->valid_links && link_id >= 0 &&
9288 !(wdev->valid_links & BIT(link_id)))
9289 return -EINVAL;
9290
9291 params.link_id = link_id;
9292
9293 return rdev_del_station(rdev, wdev, ¶ms);
9294 }
9295
nl80211_send_mpath(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct net_device * dev,u8 * dst,u8 * next_hop,struct mpath_info * pinfo)9296 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
9297 int flags, struct net_device *dev,
9298 u8 *dst, u8 *next_hop,
9299 struct mpath_info *pinfo)
9300 {
9301 void *hdr;
9302 struct nlattr *pinfoattr;
9303
9304 hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
9305 if (!hdr)
9306 return -1;
9307
9308 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
9309 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
9310 nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
9311 nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
9312 goto nla_put_failure;
9313
9314 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
9315 if (!pinfoattr)
9316 goto nla_put_failure;
9317 if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
9318 nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
9319 pinfo->frame_qlen))
9320 goto nla_put_failure;
9321 if (((pinfo->filled & MPATH_INFO_SN) &&
9322 nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
9323 ((pinfo->filled & MPATH_INFO_METRIC) &&
9324 nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
9325 pinfo->metric)) ||
9326 ((pinfo->filled & MPATH_INFO_EXPTIME) &&
9327 nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
9328 pinfo->exptime)) ||
9329 ((pinfo->filled & MPATH_INFO_FLAGS) &&
9330 nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
9331 pinfo->flags)) ||
9332 ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
9333 nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
9334 pinfo->discovery_timeout)) ||
9335 ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
9336 nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
9337 pinfo->discovery_retries)) ||
9338 ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
9339 nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
9340 pinfo->hop_count)) ||
9341 ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
9342 nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
9343 pinfo->path_change_count)))
9344 goto nla_put_failure;
9345
9346 nla_nest_end(msg, pinfoattr);
9347
9348 genlmsg_end(msg, hdr);
9349 return 0;
9350
9351 nla_put_failure:
9352 genlmsg_cancel(msg, hdr);
9353 return -EMSGSIZE;
9354 }
9355
nl80211_dump_mpath(struct sk_buff * skb,struct netlink_callback * cb)9356 static int nl80211_dump_mpath(struct sk_buff *skb,
9357 struct netlink_callback *cb)
9358 {
9359 struct mpath_info pinfo;
9360 struct cfg80211_registered_device *rdev;
9361 struct wireless_dev *wdev;
9362 u8 dst[ETH_ALEN];
9363 u8 next_hop[ETH_ALEN];
9364 int path_idx = cb->args[2];
9365 int err;
9366
9367 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
9368 if (err)
9369 return err;
9370 /* nl80211_prepare_wdev_dump acquired it in the successful case */
9371 __acquire(&rdev->wiphy.mtx);
9372
9373 if (!rdev->ops->dump_mpath) {
9374 err = -EOPNOTSUPP;
9375 goto out_err;
9376 }
9377
9378 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
9379 err = -EOPNOTSUPP;
9380 goto out_err;
9381 }
9382
9383 while (1) {
9384 err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
9385 next_hop, &pinfo);
9386 if (err == -ENOENT)
9387 break;
9388 if (err)
9389 goto out_err;
9390
9391 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
9392 cb->nlh->nlmsg_seq, NLM_F_MULTI,
9393 wdev->netdev, dst, next_hop,
9394 &pinfo) < 0)
9395 goto out;
9396
9397 path_idx++;
9398 }
9399
9400 out:
9401 cb->args[2] = path_idx;
9402 err = skb->len;
9403 out_err:
9404 wiphy_unlock(&rdev->wiphy);
9405 return err;
9406 }
9407
nl80211_get_mpath(struct sk_buff * skb,struct genl_info * info)9408 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
9409 {
9410 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9411 int err;
9412 struct net_device *dev = info->user_ptr[1];
9413 struct mpath_info pinfo;
9414 struct sk_buff *msg;
9415 u8 *dst = NULL;
9416 u8 next_hop[ETH_ALEN];
9417
9418 memset(&pinfo, 0, sizeof(pinfo));
9419
9420 if (!info->attrs[NL80211_ATTR_MAC])
9421 return -EINVAL;
9422
9423 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
9424
9425 if (!rdev->ops->get_mpath)
9426 return -EOPNOTSUPP;
9427
9428 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
9429 return -EOPNOTSUPP;
9430
9431 err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
9432 if (err)
9433 return err;
9434
9435 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9436 if (!msg)
9437 return -ENOMEM;
9438
9439 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
9440 dev, dst, next_hop, &pinfo) < 0) {
9441 nlmsg_free(msg);
9442 return -ENOBUFS;
9443 }
9444
9445 return genlmsg_reply(msg, info);
9446 }
9447
nl80211_set_mpath(struct sk_buff * skb,struct genl_info * info)9448 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
9449 {
9450 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9451 struct net_device *dev = info->user_ptr[1];
9452 u8 *dst = NULL;
9453 u8 *next_hop = NULL;
9454
9455 if (!info->attrs[NL80211_ATTR_MAC])
9456 return -EINVAL;
9457
9458 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
9459 return -EINVAL;
9460
9461 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
9462 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
9463
9464 if (!rdev->ops->change_mpath)
9465 return -EOPNOTSUPP;
9466
9467 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
9468 return -EOPNOTSUPP;
9469
9470 return rdev_change_mpath(rdev, dev, dst, next_hop);
9471 }
9472
nl80211_new_mpath(struct sk_buff * skb,struct genl_info * info)9473 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
9474 {
9475 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9476 struct net_device *dev = info->user_ptr[1];
9477 u8 *dst = NULL;
9478 u8 *next_hop = NULL;
9479
9480 if (!info->attrs[NL80211_ATTR_MAC])
9481 return -EINVAL;
9482
9483 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
9484 return -EINVAL;
9485
9486 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
9487 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
9488
9489 if (!rdev->ops->add_mpath)
9490 return -EOPNOTSUPP;
9491
9492 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
9493 return -EOPNOTSUPP;
9494
9495 return rdev_add_mpath(rdev, dev, dst, next_hop);
9496 }
9497
nl80211_del_mpath(struct sk_buff * skb,struct genl_info * info)9498 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
9499 {
9500 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9501 struct net_device *dev = info->user_ptr[1];
9502 u8 *dst = NULL;
9503
9504 if (info->attrs[NL80211_ATTR_MAC])
9505 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
9506
9507 if (!rdev->ops->del_mpath)
9508 return -EOPNOTSUPP;
9509
9510 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
9511 return -EOPNOTSUPP;
9512
9513 return rdev_del_mpath(rdev, dev, dst);
9514 }
9515
nl80211_get_mpp(struct sk_buff * skb,struct genl_info * info)9516 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
9517 {
9518 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9519 int err;
9520 struct net_device *dev = info->user_ptr[1];
9521 struct mpath_info pinfo;
9522 struct sk_buff *msg;
9523 u8 *dst = NULL;
9524 u8 mpp[ETH_ALEN];
9525
9526 memset(&pinfo, 0, sizeof(pinfo));
9527
9528 if (!info->attrs[NL80211_ATTR_MAC])
9529 return -EINVAL;
9530
9531 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
9532
9533 if (!rdev->ops->get_mpp)
9534 return -EOPNOTSUPP;
9535
9536 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
9537 return -EOPNOTSUPP;
9538
9539 err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
9540 if (err)
9541 return err;
9542
9543 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9544 if (!msg)
9545 return -ENOMEM;
9546
9547 if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
9548 dev, dst, mpp, &pinfo) < 0) {
9549 nlmsg_free(msg);
9550 return -ENOBUFS;
9551 }
9552
9553 return genlmsg_reply(msg, info);
9554 }
9555
nl80211_dump_mpp(struct sk_buff * skb,struct netlink_callback * cb)9556 static int nl80211_dump_mpp(struct sk_buff *skb,
9557 struct netlink_callback *cb)
9558 {
9559 struct mpath_info pinfo;
9560 struct cfg80211_registered_device *rdev;
9561 struct wireless_dev *wdev;
9562 u8 dst[ETH_ALEN];
9563 u8 mpp[ETH_ALEN];
9564 int path_idx = cb->args[2];
9565 int err;
9566
9567 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, NULL);
9568 if (err)
9569 return err;
9570 /* nl80211_prepare_wdev_dump acquired it in the successful case */
9571 __acquire(&rdev->wiphy.mtx);
9572
9573 if (!rdev->ops->dump_mpp) {
9574 err = -EOPNOTSUPP;
9575 goto out_err;
9576 }
9577
9578 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
9579 err = -EOPNOTSUPP;
9580 goto out_err;
9581 }
9582
9583 while (1) {
9584 err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
9585 mpp, &pinfo);
9586 if (err == -ENOENT)
9587 break;
9588 if (err)
9589 goto out_err;
9590
9591 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
9592 cb->nlh->nlmsg_seq, NLM_F_MULTI,
9593 wdev->netdev, dst, mpp,
9594 &pinfo) < 0)
9595 goto out;
9596
9597 path_idx++;
9598 }
9599
9600 out:
9601 cb->args[2] = path_idx;
9602 err = skb->len;
9603 out_err:
9604 wiphy_unlock(&rdev->wiphy);
9605 return err;
9606 }
9607
nl80211_set_bss(struct sk_buff * skb,struct genl_info * info)9608 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
9609 {
9610 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9611 struct net_device *dev = info->user_ptr[1];
9612 struct bss_parameters params;
9613 u32 bss_param_support = rdev->wiphy.bss_param_support;
9614 u32 changed = 0;
9615 bool strict;
9616
9617 memset(¶ms, 0, sizeof(params));
9618 params.link_id = nl80211_link_id_or_invalid(info->attrs);
9619 /* default to not changing parameters */
9620 params.use_cts_prot = -1;
9621 params.use_short_preamble = -1;
9622 params.use_short_slot_time = -1;
9623 params.ap_isolate = -1;
9624 params.ht_opmode = -1;
9625 params.p2p_ctwindow = -1;
9626 params.p2p_opp_ps = -1;
9627
9628 strict = nla_get_flag(info->attrs[NL80211_ATTR_BSS_PARAM]);
9629 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) {
9630 if (strict && !(bss_param_support & WIPHY_BSS_PARAM_CTS_PROT))
9631 return -EINVAL;
9632 params.use_cts_prot =
9633 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
9634 changed |= WIPHY_BSS_PARAM_CTS_PROT;
9635 }
9636 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) {
9637 if (strict &&
9638 !(bss_param_support & WIPHY_BSS_PARAM_SHORT_PREAMBLE))
9639 return -EINVAL;
9640 params.use_short_preamble =
9641 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
9642 changed |= WIPHY_BSS_PARAM_SHORT_PREAMBLE;
9643 }
9644 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) {
9645 if (strict &&
9646 !(bss_param_support & WIPHY_BSS_PARAM_SHORT_SLOT_TIME))
9647 return -EINVAL;
9648 params.use_short_slot_time =
9649 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
9650 changed |= WIPHY_BSS_PARAM_SHORT_SLOT_TIME;
9651 }
9652 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
9653 if (strict &&
9654 !(bss_param_support & WIPHY_BSS_PARAM_BASIC_RATES))
9655 return -EINVAL;
9656 params.basic_rates =
9657 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9658 params.basic_rates_len =
9659 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9660 changed |= WIPHY_BSS_PARAM_BASIC_RATES;
9661 }
9662 if (info->attrs[NL80211_ATTR_AP_ISOLATE]) {
9663 if (strict && !(bss_param_support & WIPHY_BSS_PARAM_AP_ISOLATE))
9664 return -EINVAL;
9665 params.ap_isolate =
9666 !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
9667 changed |= WIPHY_BSS_PARAM_AP_ISOLATE;
9668 }
9669 if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE]) {
9670 if (strict && !(bss_param_support & WIPHY_BSS_PARAM_HT_OPMODE))
9671 return -EINVAL;
9672 params.ht_opmode =
9673 nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
9674 changed |= WIPHY_BSS_PARAM_HT_OPMODE;
9675 }
9676
9677 if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
9678 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
9679 return -EINVAL;
9680 params.p2p_ctwindow =
9681 nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
9682 if (params.p2p_ctwindow != 0 &&
9683 !(bss_param_support & WIPHY_BSS_PARAM_P2P_CTWINDOW))
9684 return -EINVAL;
9685 changed |= WIPHY_BSS_PARAM_P2P_CTWINDOW;
9686 }
9687
9688 if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
9689 u8 tmp;
9690
9691 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
9692 return -EINVAL;
9693 tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
9694 if (tmp && !(bss_param_support & WIPHY_BSS_PARAM_P2P_OPPPS))
9695 return -EINVAL;
9696 params.p2p_opp_ps = tmp;
9697 if (params.p2p_opp_ps &&
9698 !(rdev->wiphy.bss_param_support & WIPHY_BSS_PARAM_P2P_OPPPS))
9699 return -EINVAL;
9700 }
9701
9702 if (!rdev->ops->change_bss)
9703 return -EOPNOTSUPP;
9704
9705 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
9706 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
9707 return -EOPNOTSUPP;
9708
9709 changed &= rdev->wiphy.bss_param_support;
9710 if (!changed)
9711 return 0;
9712
9713 return rdev_change_bss(rdev, dev, ¶ms);
9714 }
9715
nl80211_req_set_reg(struct sk_buff * skb,struct genl_info * info)9716 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
9717 {
9718 char *data = NULL;
9719 bool is_indoor;
9720 enum nl80211_user_reg_hint_type user_reg_hint_type;
9721 u32 owner_nlportid;
9722
9723 /*
9724 * You should only get this when cfg80211 hasn't yet initialized
9725 * completely when built-in to the kernel right between the time
9726 * window between nl80211_init() and regulatory_init(), if that is
9727 * even possible.
9728 */
9729 if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
9730 return -EINPROGRESS;
9731
9732 user_reg_hint_type =
9733 nla_get_u32_default(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE],
9734 NL80211_USER_REG_HINT_USER);
9735
9736 switch (user_reg_hint_type) {
9737 case NL80211_USER_REG_HINT_USER:
9738 case NL80211_USER_REG_HINT_CELL_BASE:
9739 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
9740 return -EINVAL;
9741
9742 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
9743 return regulatory_hint_user(data, user_reg_hint_type);
9744 case NL80211_USER_REG_HINT_INDOOR:
9745 if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9746 owner_nlportid = info->snd_portid;
9747 is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
9748 } else {
9749 owner_nlportid = 0;
9750 is_indoor = true;
9751 }
9752
9753 regulatory_hint_indoor(is_indoor, owner_nlportid);
9754 return 0;
9755 default:
9756 return -EINVAL;
9757 }
9758 }
9759
nl80211_reload_regdb(struct sk_buff * skb,struct genl_info * info)9760 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
9761 {
9762 return reg_reload_regdb();
9763 }
9764
nl80211_get_mesh_config(struct sk_buff * skb,struct genl_info * info)9765 static int nl80211_get_mesh_config(struct sk_buff *skb,
9766 struct genl_info *info)
9767 {
9768 struct cfg80211_registered_device *rdev = info->user_ptr[0];
9769 struct net_device *dev = info->user_ptr[1];
9770 struct wireless_dev *wdev = dev->ieee80211_ptr;
9771 struct mesh_config cur_params;
9772 int err = 0;
9773 void *hdr;
9774 struct nlattr *pinfoattr;
9775 struct sk_buff *msg;
9776
9777 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
9778 return -EOPNOTSUPP;
9779
9780 if (!rdev->ops->get_mesh_config)
9781 return -EOPNOTSUPP;
9782
9783 /* If not connected, get default parameters */
9784 if (!wdev->u.mesh.id_len)
9785 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
9786 else
9787 err = rdev_get_mesh_config(rdev, dev, &cur_params);
9788
9789 if (err)
9790 return err;
9791
9792 /* Draw up a netlink message to send back */
9793 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9794 if (!msg)
9795 return -ENOMEM;
9796 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9797 NL80211_CMD_GET_MESH_CONFIG);
9798 if (!hdr)
9799 goto out;
9800 pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
9801 if (!pinfoattr)
9802 goto nla_put_failure;
9803 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
9804 nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
9805 cur_params.dot11MeshRetryTimeout) ||
9806 nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
9807 cur_params.dot11MeshConfirmTimeout) ||
9808 nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
9809 cur_params.dot11MeshHoldingTimeout) ||
9810 nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
9811 cur_params.dot11MeshMaxPeerLinks) ||
9812 nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
9813 cur_params.dot11MeshMaxRetries) ||
9814 nla_put_u8(msg, NL80211_MESHCONF_TTL,
9815 cur_params.dot11MeshTTL) ||
9816 nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
9817 cur_params.element_ttl) ||
9818 nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
9819 cur_params.auto_open_plinks) ||
9820 nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
9821 cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
9822 nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
9823 cur_params.dot11MeshHWMPmaxPREQretries) ||
9824 nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
9825 cur_params.path_refresh_time) ||
9826 nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
9827 cur_params.min_discovery_timeout) ||
9828 nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
9829 cur_params.dot11MeshHWMPactivePathTimeout) ||
9830 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
9831 cur_params.dot11MeshHWMPpreqMinInterval) ||
9832 nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
9833 cur_params.dot11MeshHWMPperrMinInterval) ||
9834 nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
9835 cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
9836 nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
9837 cur_params.dot11MeshHWMPRootMode) ||
9838 nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
9839 cur_params.dot11MeshHWMPRannInterval) ||
9840 nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
9841 cur_params.dot11MeshGateAnnouncementProtocol) ||
9842 nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
9843 cur_params.dot11MeshForwarding) ||
9844 nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
9845 cur_params.rssi_threshold) ||
9846 nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
9847 cur_params.ht_opmode) ||
9848 nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
9849 cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
9850 nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
9851 cur_params.dot11MeshHWMProotInterval) ||
9852 nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
9853 cur_params.dot11MeshHWMPconfirmationInterval) ||
9854 nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
9855 cur_params.power_mode) ||
9856 nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
9857 cur_params.dot11MeshAwakeWindowDuration) ||
9858 nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
9859 cur_params.plink_timeout) ||
9860 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
9861 cur_params.dot11MeshConnectedToMeshGate) ||
9862 nla_put_u8(msg, NL80211_MESHCONF_NOLEARN,
9863 cur_params.dot11MeshNolearn) ||
9864 nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_AS,
9865 cur_params.dot11MeshConnectedToAuthServer))
9866 goto nla_put_failure;
9867 nla_nest_end(msg, pinfoattr);
9868 genlmsg_end(msg, hdr);
9869 return genlmsg_reply(msg, info);
9870
9871 nla_put_failure:
9872 out:
9873 nlmsg_free(msg);
9874 return -ENOBUFS;
9875 }
9876
9877 static const struct nla_policy
9878 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
9879 [NL80211_MESHCONF_RETRY_TIMEOUT] =
9880 NLA_POLICY_RANGE(NLA_U16, 1, 255),
9881 [NL80211_MESHCONF_CONFIRM_TIMEOUT] =
9882 NLA_POLICY_RANGE(NLA_U16, 1, 255),
9883 [NL80211_MESHCONF_HOLDING_TIMEOUT] =
9884 NLA_POLICY_RANGE(NLA_U16, 1, 255),
9885 [NL80211_MESHCONF_MAX_PEER_LINKS] =
9886 NLA_POLICY_RANGE(NLA_U16, 0, 255),
9887 [NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
9888 [NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
9889 [NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
9890 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
9891 [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
9892 NLA_POLICY_RANGE(NLA_U32, 1, 255),
9893 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
9894 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
9895 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
9896 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
9897 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
9898 NLA_POLICY_MIN(NLA_U16, 1),
9899 [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
9900 NLA_POLICY_MIN(NLA_U16, 1),
9901 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
9902 NLA_POLICY_MIN(NLA_U16, 1),
9903 [NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
9904 [NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
9905 NLA_POLICY_MIN(NLA_U16, 1),
9906 [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
9907 [NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
9908 [NL80211_MESHCONF_RSSI_THRESHOLD] =
9909 NLA_POLICY_RANGE(NLA_S32, -255, 0),
9910 [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
9911 [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
9912 [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
9913 NLA_POLICY_MIN(NLA_U16, 1),
9914 [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
9915 NLA_POLICY_MIN(NLA_U16, 1),
9916 [NL80211_MESHCONF_POWER_MODE] =
9917 NLA_POLICY_RANGE(NLA_U32,
9918 NL80211_MESH_POWER_ACTIVE,
9919 NL80211_MESH_POWER_MAX),
9920 [NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
9921 [NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
9922 [NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
9923 [NL80211_MESHCONF_NOLEARN] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
9924 [NL80211_MESHCONF_CONNECTED_TO_AS] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
9925 };
9926
9927 static const struct nla_policy
9928 nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
9929 [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
9930 [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
9931 [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
9932 [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
9933 [NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
9934 [NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
9935 [NL80211_MESH_SETUP_IE] =
9936 NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
9937 IEEE80211_MAX_DATA_LEN),
9938 [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
9939 };
9940
nl80211_parse_mesh_config(struct genl_info * info,struct mesh_config * cfg,u32 * mask_out)9941 static int nl80211_parse_mesh_config(struct genl_info *info,
9942 struct mesh_config *cfg,
9943 u32 *mask_out)
9944 {
9945 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
9946 u32 mask = 0;
9947 u16 ht_opmode;
9948
9949 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn) \
9950 do { \
9951 if (tb[attr]) { \
9952 cfg->param = fn(tb[attr]); \
9953 mask |= BIT((attr) - 1); \
9954 } \
9955 } while (0)
9956
9957 if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
9958 return -EINVAL;
9959 if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
9960 return -EINVAL;
9961
9962 /* This makes sure that there aren't more than 32 mesh config
9963 * parameters (otherwise our bitfield scheme would not work.) */
9964 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
9965
9966 /* Fill in the params struct */
9967 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
9968 NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
9969 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
9970 NL80211_MESHCONF_CONFIRM_TIMEOUT,
9971 nla_get_u16);
9972 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
9973 NL80211_MESHCONF_HOLDING_TIMEOUT,
9974 nla_get_u16);
9975 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
9976 NL80211_MESHCONF_MAX_PEER_LINKS,
9977 nla_get_u16);
9978 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
9979 NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
9980 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
9981 NL80211_MESHCONF_TTL, nla_get_u8);
9982 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
9983 NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
9984 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
9985 NL80211_MESHCONF_AUTO_OPEN_PLINKS,
9986 nla_get_u8);
9987 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
9988 mask,
9989 NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
9990 nla_get_u32);
9991 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
9992 NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
9993 nla_get_u8);
9994 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
9995 NL80211_MESHCONF_PATH_REFRESH_TIME,
9996 nla_get_u32);
9997 if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
9998 (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
9999 return -EINVAL;
10000 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
10001 NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
10002 nla_get_u16);
10003 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
10004 mask,
10005 NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
10006 nla_get_u32);
10007 if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
10008 (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
10009 cfg->dot11MeshHWMPactivePathTimeout > 65535))
10010 return -EINVAL;
10011 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
10012 NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
10013 nla_get_u16);
10014 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
10015 NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
10016 nla_get_u16);
10017 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
10018 dot11MeshHWMPnetDiameterTraversalTime, mask,
10019 NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
10020 nla_get_u16);
10021 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
10022 NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
10023 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
10024 NL80211_MESHCONF_HWMP_RANN_INTERVAL,
10025 nla_get_u16);
10026 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
10027 mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
10028 nla_get_u8);
10029 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
10030 NL80211_MESHCONF_FORWARDING, nla_get_u8);
10031 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
10032 NL80211_MESHCONF_RSSI_THRESHOLD,
10033 nla_get_s32);
10034 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
10035 NL80211_MESHCONF_CONNECTED_TO_GATE,
10036 nla_get_u8);
10037 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToAuthServer, mask,
10038 NL80211_MESHCONF_CONNECTED_TO_AS,
10039 nla_get_u8);
10040 /*
10041 * Check HT operation mode based on
10042 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
10043 */
10044 if (tb[NL80211_MESHCONF_HT_OPMODE]) {
10045 ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
10046
10047 if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
10048 IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
10049 IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
10050 return -EINVAL;
10051
10052 /* NON_HT_STA bit is reserved, but some programs set it */
10053 ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
10054
10055 cfg->ht_opmode = ht_opmode;
10056 mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
10057 }
10058 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
10059 dot11MeshHWMPactivePathToRootTimeout, mask,
10060 NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
10061 nla_get_u32);
10062 if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
10063 (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
10064 cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
10065 return -EINVAL;
10066 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
10067 NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
10068 nla_get_u16);
10069 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
10070 mask,
10071 NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
10072 nla_get_u16);
10073 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
10074 NL80211_MESHCONF_POWER_MODE, nla_get_u32);
10075 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
10076 NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
10077 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
10078 NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
10079 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNolearn, mask,
10080 NL80211_MESHCONF_NOLEARN, nla_get_u8);
10081 if (mask_out)
10082 *mask_out = mask;
10083
10084 return 0;
10085
10086 #undef FILL_IN_MESH_PARAM_IF_SET
10087 }
10088
nl80211_parse_mesh_setup(struct genl_info * info,struct mesh_setup * setup)10089 static int nl80211_parse_mesh_setup(struct genl_info *info,
10090 struct mesh_setup *setup)
10091 {
10092 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10093 struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
10094
10095 if (!info->attrs[NL80211_ATTR_MESH_SETUP])
10096 return -EINVAL;
10097 if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
10098 return -EINVAL;
10099
10100 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
10101 setup->sync_method =
10102 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
10103 IEEE80211_SYNC_METHOD_VENDOR :
10104 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
10105
10106 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
10107 setup->path_sel_proto =
10108 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
10109 IEEE80211_PATH_PROTOCOL_VENDOR :
10110 IEEE80211_PATH_PROTOCOL_HWMP;
10111
10112 if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
10113 setup->path_metric =
10114 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
10115 IEEE80211_PATH_METRIC_VENDOR :
10116 IEEE80211_PATH_METRIC_AIRTIME;
10117
10118 if (tb[NL80211_MESH_SETUP_IE]) {
10119 struct nlattr *ieattr =
10120 tb[NL80211_MESH_SETUP_IE];
10121 setup->ie = nla_data(ieattr);
10122 setup->ie_len = nla_len(ieattr);
10123 }
10124 if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
10125 !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
10126 return -EINVAL;
10127 setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
10128 setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
10129 setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
10130 if (setup->is_secure)
10131 setup->user_mpm = true;
10132
10133 if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
10134 if (!setup->user_mpm)
10135 return -EINVAL;
10136 setup->auth_id =
10137 nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
10138 }
10139
10140 return 0;
10141 }
10142
nl80211_update_mesh_config(struct sk_buff * skb,struct genl_info * info)10143 static int nl80211_update_mesh_config(struct sk_buff *skb,
10144 struct genl_info *info)
10145 {
10146 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10147 struct net_device *dev = info->user_ptr[1];
10148 struct wireless_dev *wdev = dev->ieee80211_ptr;
10149 struct mesh_config cfg = {};
10150 u32 mask;
10151 int err;
10152
10153 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
10154 return -EOPNOTSUPP;
10155
10156 if (!rdev->ops->update_mesh_config)
10157 return -EOPNOTSUPP;
10158
10159 err = nl80211_parse_mesh_config(info, &cfg, &mask);
10160 if (err)
10161 return err;
10162
10163 if (!wdev->u.mesh.id_len)
10164 err = -ENOLINK;
10165
10166 if (!err)
10167 err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
10168
10169 return err;
10170 }
10171
nl80211_put_regdom(const struct ieee80211_regdomain * regdom,struct sk_buff * msg)10172 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
10173 struct sk_buff *msg)
10174 {
10175 struct nlattr *nl_reg_rules;
10176 unsigned int i;
10177
10178 if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
10179 (regdom->dfs_region &&
10180 nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
10181 goto nla_put_failure;
10182
10183 nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
10184 if (!nl_reg_rules)
10185 goto nla_put_failure;
10186
10187 for (i = 0; i < regdom->n_reg_rules; i++) {
10188 struct nlattr *nl_reg_rule;
10189 const struct ieee80211_reg_rule *reg_rule;
10190 const struct ieee80211_freq_range *freq_range;
10191 const struct ieee80211_power_rule *power_rule;
10192 unsigned int max_bandwidth_khz;
10193
10194 reg_rule = ®dom->reg_rules[i];
10195 freq_range = ®_rule->freq_range;
10196 power_rule = ®_rule->power_rule;
10197
10198 nl_reg_rule = nla_nest_start_noflag(msg, i);
10199 if (!nl_reg_rule)
10200 goto nla_put_failure;
10201
10202 max_bandwidth_khz = freq_range->max_bandwidth_khz;
10203 if (!max_bandwidth_khz)
10204 max_bandwidth_khz = reg_get_max_bandwidth(regdom,
10205 reg_rule);
10206
10207 if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
10208 reg_rule->flags) ||
10209 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
10210 freq_range->start_freq_khz) ||
10211 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
10212 freq_range->end_freq_khz) ||
10213 nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
10214 max_bandwidth_khz) ||
10215 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
10216 power_rule->max_antenna_gain) ||
10217 nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
10218 power_rule->max_eirp) ||
10219 nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
10220 reg_rule->dfs_cac_ms))
10221 goto nla_put_failure;
10222
10223 if ((reg_rule->flags & NL80211_RRF_PSD) &&
10224 nla_put_s8(msg, NL80211_ATTR_POWER_RULE_PSD,
10225 reg_rule->psd))
10226 goto nla_put_failure;
10227
10228 nla_nest_end(msg, nl_reg_rule);
10229 }
10230
10231 nla_nest_end(msg, nl_reg_rules);
10232 return 0;
10233
10234 nla_put_failure:
10235 return -EMSGSIZE;
10236 }
10237
nl80211_get_reg_do(struct sk_buff * skb,struct genl_info * info)10238 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
10239 {
10240 const struct ieee80211_regdomain *regdom = NULL;
10241 struct cfg80211_registered_device *rdev;
10242 struct wiphy *wiphy = NULL;
10243 struct sk_buff *msg;
10244 int err = -EMSGSIZE;
10245 void *hdr;
10246
10247 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10248 if (!msg)
10249 return -ENOBUFS;
10250
10251 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10252 NL80211_CMD_GET_REG);
10253 if (!hdr)
10254 goto put_failure;
10255
10256 rtnl_lock();
10257
10258 if (info->attrs[NL80211_ATTR_WIPHY]) {
10259 bool self_managed;
10260
10261 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
10262 if (IS_ERR(rdev)) {
10263 err = PTR_ERR(rdev);
10264 goto nla_put_failure;
10265 }
10266
10267 wiphy = &rdev->wiphy;
10268 self_managed = wiphy->regulatory_flags &
10269 REGULATORY_WIPHY_SELF_MANAGED;
10270
10271 rcu_read_lock();
10272
10273 regdom = get_wiphy_regdom(wiphy);
10274
10275 /* a self-managed-reg device must have a private regdom */
10276 if (WARN_ON(!regdom && self_managed)) {
10277 err = -EINVAL;
10278 goto nla_put_failure_rcu;
10279 }
10280
10281 if (regdom &&
10282 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
10283 goto nla_put_failure_rcu;
10284 } else {
10285 rcu_read_lock();
10286 }
10287
10288 if (!wiphy && reg_last_request_cell_base() &&
10289 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
10290 NL80211_USER_REG_HINT_CELL_BASE))
10291 goto nla_put_failure_rcu;
10292
10293 if (!regdom)
10294 regdom = rcu_dereference(cfg80211_regdomain);
10295
10296 if (nl80211_put_regdom(regdom, msg))
10297 goto nla_put_failure_rcu;
10298
10299 rcu_read_unlock();
10300
10301 genlmsg_end(msg, hdr);
10302 rtnl_unlock();
10303 return genlmsg_reply(msg, info);
10304
10305 nla_put_failure_rcu:
10306 rcu_read_unlock();
10307 nla_put_failure:
10308 rtnl_unlock();
10309 put_failure:
10310 nlmsg_free(msg);
10311 return err;
10312 }
10313
nl80211_send_regdom(struct sk_buff * msg,struct netlink_callback * cb,u32 seq,int flags,struct wiphy * wiphy,const struct ieee80211_regdomain * regdom)10314 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
10315 u32 seq, int flags, struct wiphy *wiphy,
10316 const struct ieee80211_regdomain *regdom)
10317 {
10318 void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
10319 NL80211_CMD_GET_REG);
10320
10321 if (!hdr)
10322 return -1;
10323
10324 genl_dump_check_consistent(cb, hdr);
10325
10326 if (nl80211_put_regdom(regdom, msg))
10327 goto nla_put_failure;
10328
10329 if (!wiphy && reg_last_request_cell_base() &&
10330 nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
10331 NL80211_USER_REG_HINT_CELL_BASE))
10332 goto nla_put_failure;
10333
10334 if (wiphy &&
10335 nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
10336 goto nla_put_failure;
10337
10338 if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
10339 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
10340 goto nla_put_failure;
10341
10342 genlmsg_end(msg, hdr);
10343 return 0;
10344
10345 nla_put_failure:
10346 genlmsg_cancel(msg, hdr);
10347 return -EMSGSIZE;
10348 }
10349
nl80211_get_reg_dump(struct sk_buff * skb,struct netlink_callback * cb)10350 static int nl80211_get_reg_dump(struct sk_buff *skb,
10351 struct netlink_callback *cb)
10352 {
10353 const struct ieee80211_regdomain *regdom = NULL;
10354 struct cfg80211_registered_device *rdev;
10355 int err, reg_idx, start = cb->args[2];
10356
10357 rcu_read_lock();
10358
10359 if (cfg80211_regdomain && start == 0) {
10360 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
10361 NLM_F_MULTI, NULL,
10362 rcu_dereference(cfg80211_regdomain));
10363 if (err < 0)
10364 goto out_err;
10365 }
10366
10367 /* the global regdom is idx 0 */
10368 reg_idx = 1;
10369 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
10370 regdom = get_wiphy_regdom(&rdev->wiphy);
10371 if (!regdom)
10372 continue;
10373
10374 if (++reg_idx <= start)
10375 continue;
10376
10377 err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
10378 NLM_F_MULTI, &rdev->wiphy, regdom);
10379 if (err < 0) {
10380 reg_idx--;
10381 break;
10382 }
10383 }
10384
10385 cb->args[2] = reg_idx;
10386 err = skb->len;
10387 out_err:
10388 rcu_read_unlock();
10389 return err;
10390 }
10391
10392 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
10393 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
10394 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
10395 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
10396 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
10397 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
10398 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
10399 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
10400 [NL80211_ATTR_DFS_CAC_TIME] = { .type = NLA_U32 },
10401 };
10402
parse_reg_rule(struct nlattr * tb[],struct ieee80211_reg_rule * reg_rule)10403 static int parse_reg_rule(struct nlattr *tb[],
10404 struct ieee80211_reg_rule *reg_rule)
10405 {
10406 struct ieee80211_freq_range *freq_range = ®_rule->freq_range;
10407 struct ieee80211_power_rule *power_rule = ®_rule->power_rule;
10408
10409 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
10410 return -EINVAL;
10411 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
10412 return -EINVAL;
10413 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
10414 return -EINVAL;
10415 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
10416 return -EINVAL;
10417 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
10418 return -EINVAL;
10419
10420 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
10421
10422 freq_range->start_freq_khz =
10423 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
10424 freq_range->end_freq_khz =
10425 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
10426 freq_range->max_bandwidth_khz =
10427 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
10428
10429 power_rule->max_eirp =
10430 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
10431
10432 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
10433 power_rule->max_antenna_gain =
10434 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
10435
10436 if (tb[NL80211_ATTR_DFS_CAC_TIME])
10437 reg_rule->dfs_cac_ms =
10438 nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
10439
10440 return 0;
10441 }
10442
nl80211_set_reg(struct sk_buff * skb,struct genl_info * info)10443 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
10444 {
10445 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
10446 struct nlattr *nl_reg_rule;
10447 char *alpha2;
10448 int rem_reg_rules, r;
10449 u32 num_rules = 0, rule_idx = 0;
10450 enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
10451 struct ieee80211_regdomain *rd;
10452
10453 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
10454 return -EINVAL;
10455
10456 if (!info->attrs[NL80211_ATTR_REG_RULES])
10457 return -EINVAL;
10458
10459 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
10460
10461 if (info->attrs[NL80211_ATTR_DFS_REGION])
10462 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
10463
10464 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
10465 rem_reg_rules) {
10466 num_rules++;
10467 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
10468 return -EINVAL;
10469 }
10470
10471 rtnl_lock();
10472 if (!reg_is_valid_request(alpha2)) {
10473 r = -EINVAL;
10474 goto out;
10475 }
10476
10477 rd = kzalloc_flex(*rd, reg_rules, num_rules);
10478 if (!rd) {
10479 r = -ENOMEM;
10480 goto out;
10481 }
10482
10483 rd->n_reg_rules = num_rules;
10484 rd->alpha2[0] = alpha2[0];
10485 rd->alpha2[1] = alpha2[1];
10486
10487 /*
10488 * Disable DFS master mode if the DFS region was
10489 * not supported or known on this kernel.
10490 */
10491 if (reg_supported_dfs_region(dfs_region))
10492 rd->dfs_region = dfs_region;
10493
10494 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
10495 rem_reg_rules) {
10496 r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
10497 nl_reg_rule, reg_rule_policy,
10498 info->extack);
10499 if (r)
10500 goto bad_reg;
10501 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
10502 if (r)
10503 goto bad_reg;
10504
10505 rule_idx++;
10506
10507 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
10508 r = -EINVAL;
10509 goto bad_reg;
10510 }
10511 }
10512
10513 r = set_regdom(rd, REGD_SOURCE_CRDA);
10514 /* set_regdom takes ownership of rd */
10515 rd = NULL;
10516 bad_reg:
10517 kfree(rd);
10518 out:
10519 rtnl_unlock();
10520 return r;
10521 }
10522 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
10523
validate_scan_freqs(struct nlattr * freqs)10524 static int validate_scan_freqs(struct nlattr *freqs)
10525 {
10526 struct nlattr *attr1, *attr2;
10527 int n_channels = 0, tmp1, tmp2;
10528
10529 nla_for_each_nested(attr1, freqs, tmp1)
10530 if (nla_len(attr1) != sizeof(u32))
10531 return 0;
10532
10533 nla_for_each_nested(attr1, freqs, tmp1) {
10534 n_channels++;
10535 /*
10536 * Some hardware has a limited channel list for
10537 * scanning, and it is pretty much nonsensical
10538 * to scan for a channel twice, so disallow that
10539 * and don't require drivers to check that the
10540 * channel list they get isn't longer than what
10541 * they can scan, as long as they can scan all
10542 * the channels they registered at once.
10543 */
10544 nla_for_each_nested(attr2, freqs, tmp2)
10545 if (attr1 != attr2 &&
10546 nla_get_u32(attr1) == nla_get_u32(attr2))
10547 return 0;
10548 }
10549
10550 return n_channels;
10551 }
10552
is_band_valid(struct wiphy * wiphy,enum nl80211_band b)10553 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
10554 {
10555 return b < NUM_NL80211_BANDS && wiphy->bands[b];
10556 }
10557
parse_bss_select(struct nlattr * nla,struct wiphy * wiphy,struct cfg80211_bss_selection * bss_select)10558 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
10559 struct cfg80211_bss_selection *bss_select)
10560 {
10561 struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
10562 struct nlattr *nest;
10563 int err;
10564 bool found = false;
10565 int i;
10566
10567 /* only process one nested attribute */
10568 nest = nla_data(nla);
10569 if (!nla_ok(nest, nla_len(nest)))
10570 return -EINVAL;
10571
10572 err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
10573 nest, nl80211_bss_select_policy,
10574 NULL);
10575 if (err)
10576 return err;
10577
10578 /* only one attribute may be given */
10579 for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
10580 if (attr[i]) {
10581 if (found)
10582 return -EINVAL;
10583 found = true;
10584 }
10585 }
10586
10587 bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
10588
10589 if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
10590 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
10591
10592 if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
10593 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
10594 bss_select->param.band_pref =
10595 nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
10596 if (!is_band_valid(wiphy, bss_select->param.band_pref))
10597 return -EINVAL;
10598 }
10599
10600 if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
10601 struct nl80211_bss_select_rssi_adjust *adj_param;
10602
10603 adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
10604 bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
10605 bss_select->param.adjust.band = adj_param->band;
10606 bss_select->param.adjust.delta = adj_param->delta;
10607 if (!is_band_valid(wiphy, bss_select->param.adjust.band))
10608 return -EINVAL;
10609 }
10610
10611 /* user-space did not provide behaviour attribute */
10612 if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
10613 return -EINVAL;
10614
10615 if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
10616 return -EINVAL;
10617
10618 return 0;
10619 }
10620
nl80211_parse_random_mac(struct nlattr ** attrs,u8 * mac_addr,u8 * mac_addr_mask)10621 int nl80211_parse_random_mac(struct nlattr **attrs,
10622 u8 *mac_addr, u8 *mac_addr_mask)
10623 {
10624 int i;
10625
10626 if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
10627 eth_zero_addr(mac_addr);
10628 eth_zero_addr(mac_addr_mask);
10629 mac_addr[0] = 0x2;
10630 mac_addr_mask[0] = 0x3;
10631
10632 return 0;
10633 }
10634
10635 /* need both or none */
10636 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
10637 return -EINVAL;
10638
10639 memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
10640 memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
10641
10642 /* don't allow or configure an mcast address */
10643 if (!is_multicast_ether_addr(mac_addr_mask) ||
10644 is_multicast_ether_addr(mac_addr))
10645 return -EINVAL;
10646
10647 /*
10648 * allow users to pass a MAC address that has bits set outside
10649 * of the mask, but don't bother drivers with having to deal
10650 * with such bits
10651 */
10652 for (i = 0; i < ETH_ALEN; i++)
10653 mac_addr[i] &= mac_addr_mask[i];
10654
10655 return 0;
10656 }
10657
cfg80211_off_channel_oper_allowed(struct wireless_dev * wdev,struct ieee80211_channel * chan)10658 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev,
10659 struct ieee80211_channel *chan)
10660 {
10661 unsigned int link_id;
10662 bool all_ok = true;
10663 int radio_idx;
10664
10665 lockdep_assert_wiphy(wdev->wiphy);
10666
10667 if (!cfg80211_wdev_channel_allowed(wdev, chan))
10668 return false;
10669
10670 if (!cfg80211_beaconing_iface_active(wdev))
10671 return true;
10672
10673 radio_idx = cfg80211_get_radio_idx_by_chan(wdev->wiphy, chan);
10674
10675 /*
10676 * FIXME: check if we have a free radio/link for chan
10677 *
10678 * This, as well as the FIXME below, requires knowing the link
10679 * capabilities of the hardware.
10680 */
10681
10682 /* we cannot leave radar channels */
10683 for_each_valid_link(wdev, link_id) {
10684 struct cfg80211_chan_def *chandef;
10685 int link_radio_idx;
10686
10687 chandef = wdev_chandef(wdev, link_id);
10688 if (!chandef || !chandef->chan)
10689 continue;
10690
10691 if (!(chandef->chan->flags & IEEE80211_CHAN_RADAR))
10692 continue;
10693
10694 /*
10695 * chandef->chan is a radar channel. If the radio/link onto
10696 * which this radar channel falls is the same radio/link onto
10697 * which the input 'chan' falls, off-channel operation should
10698 * not be allowed. Hence, set 'all_ok' to false.
10699 */
10700
10701 link_radio_idx = cfg80211_get_radio_idx_by_chan(wdev->wiphy,
10702 chandef->chan);
10703 if (link_radio_idx == radio_idx) {
10704 all_ok = false;
10705 break;
10706 }
10707 }
10708
10709 if (all_ok)
10710 return true;
10711
10712 return regulatory_pre_cac_allowed(wdev->wiphy);
10713 }
10714
nl80211_check_scan_feat(struct wiphy * wiphy,u32 flags,u32 flag,enum nl80211_ext_feature_index feat)10715 static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
10716 enum nl80211_ext_feature_index feat)
10717 {
10718 if (!(flags & flag))
10719 return true;
10720 if (wiphy_ext_feature_isset(wiphy, feat))
10721 return true;
10722 return false;
10723 }
10724
10725 static int
nl80211_check_scan_flags(struct wiphy * wiphy,struct wireless_dev * wdev,struct nlattr ** attrs,u8 * mac_addr,u8 * mac_addr_mask,u32 * flags,enum nl80211_feature_flags randomness_flag)10726 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
10727 struct nlattr **attrs, u8 *mac_addr, u8 *mac_addr_mask,
10728 u32 *flags, enum nl80211_feature_flags randomness_flag)
10729 {
10730 if (!attrs[NL80211_ATTR_SCAN_FLAGS])
10731 return 0;
10732
10733 *flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
10734
10735 if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
10736 !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
10737 !nl80211_check_scan_feat(wiphy, *flags,
10738 NL80211_SCAN_FLAG_LOW_SPAN,
10739 NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
10740 !nl80211_check_scan_feat(wiphy, *flags,
10741 NL80211_SCAN_FLAG_LOW_POWER,
10742 NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
10743 !nl80211_check_scan_feat(wiphy, *flags,
10744 NL80211_SCAN_FLAG_HIGH_ACCURACY,
10745 NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
10746 !nl80211_check_scan_feat(wiphy, *flags,
10747 NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
10748 NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
10749 !nl80211_check_scan_feat(wiphy, *flags,
10750 NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
10751 NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
10752 !nl80211_check_scan_feat(wiphy, *flags,
10753 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
10754 NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
10755 !nl80211_check_scan_feat(wiphy, *flags,
10756 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
10757 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
10758 !nl80211_check_scan_feat(wiphy, *flags,
10759 NL80211_SCAN_FLAG_RANDOM_SN,
10760 NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
10761 !nl80211_check_scan_feat(wiphy, *flags,
10762 NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
10763 NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
10764 return -EOPNOTSUPP;
10765
10766 if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
10767 int err;
10768
10769 if (!(wiphy->features & randomness_flag) ||
10770 (wdev && wdev->connected))
10771 return -EOPNOTSUPP;
10772
10773 err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
10774 if (err)
10775 return err;
10776 }
10777
10778 return 0;
10779 }
10780
10781 static int
nl80211_check_scan_flags_sched(struct wiphy * wiphy,struct wireless_dev * wdev,struct nlattr ** attrs,struct cfg80211_sched_scan_request * req)10782 nl80211_check_scan_flags_sched(struct wiphy *wiphy, struct wireless_dev *wdev,
10783 struct nlattr **attrs,
10784 struct cfg80211_sched_scan_request *req)
10785 {
10786 return nl80211_check_scan_flags(wiphy, wdev, attrs,
10787 req->mac_addr, req->mac_addr_mask,
10788 &req->flags,
10789 wdev ? NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
10790 NL80211_FEATURE_ND_RANDOM_MAC_ADDR);
10791 }
10792
10793 static int
nl80211_check_scan_flags_reg(struct wiphy * wiphy,struct wireless_dev * wdev,struct nlattr ** attrs,struct cfg80211_scan_request_int * req)10794 nl80211_check_scan_flags_reg(struct wiphy *wiphy, struct wireless_dev *wdev,
10795 struct nlattr **attrs,
10796 struct cfg80211_scan_request_int *req)
10797 {
10798 return nl80211_check_scan_flags(wiphy, wdev, attrs,
10799 req->req.mac_addr,
10800 req->req.mac_addr_mask,
10801 &req->req.flags,
10802 NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR);
10803 }
10804
nl80211_trigger_scan(struct sk_buff * skb,struct genl_info * info)10805 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
10806 {
10807 struct cfg80211_registered_device *rdev = info->user_ptr[0];
10808 struct wireless_dev *wdev = info->user_ptr[1];
10809 struct cfg80211_scan_request_int *request;
10810 struct nlattr *scan_freqs = NULL;
10811 bool scan_freqs_khz = false;
10812 struct nlattr *attr;
10813 struct wiphy *wiphy;
10814 int err, tmp, n_ssids = 0, n_channels, i;
10815 size_t ie_len, size;
10816 size_t ssids_offset, ie_offset;
10817
10818 wiphy = &rdev->wiphy;
10819
10820 if (wdev->iftype == NL80211_IFTYPE_NAN)
10821 return -EOPNOTSUPP;
10822
10823 if (!rdev->ops->scan)
10824 return -EOPNOTSUPP;
10825
10826 if (rdev->scan_req || rdev->scan_msg)
10827 return -EBUSY;
10828
10829 if (info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ]) {
10830 if (!wiphy_ext_feature_isset(wiphy,
10831 NL80211_EXT_FEATURE_SCAN_FREQ_KHZ))
10832 return -EOPNOTSUPP;
10833 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ];
10834 scan_freqs_khz = true;
10835 } else if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES])
10836 scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQUENCIES];
10837
10838 if (scan_freqs) {
10839 n_channels = validate_scan_freqs(scan_freqs);
10840 if (!n_channels)
10841 return -EINVAL;
10842 } else {
10843 n_channels = ieee80211_get_num_supported_channels(wiphy);
10844 }
10845
10846 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
10847 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
10848 n_ssids++;
10849
10850 if (n_ssids > wiphy->max_scan_ssids)
10851 return -EINVAL;
10852
10853 if (info->attrs[NL80211_ATTR_IE])
10854 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10855 else
10856 ie_len = 0;
10857
10858 if (ie_len > wiphy->max_scan_ie_len)
10859 return -EINVAL;
10860
10861 size = struct_size(request, req.channels, n_channels);
10862 ssids_offset = size;
10863 size = size_add(size, array_size(sizeof(*request->req.ssids), n_ssids));
10864 ie_offset = size;
10865 size = size_add(size, ie_len);
10866 request = kzalloc(size, GFP_KERNEL);
10867 if (!request)
10868 return -ENOMEM;
10869
10870 if (n_ssids)
10871 request->req.ssids = (void *)request + ssids_offset;
10872 request->req.n_ssids = n_ssids;
10873 if (ie_len)
10874 request->req.ie = (void *)request + ie_offset;
10875
10876 i = 0;
10877 if (scan_freqs) {
10878 /* user specified, bail out if channel not found */
10879 nla_for_each_nested(attr, scan_freqs, tmp) {
10880 struct ieee80211_channel *chan;
10881 int freq = nla_get_u32(attr);
10882
10883 if (!scan_freqs_khz)
10884 freq = MHZ_TO_KHZ(freq);
10885
10886 chan = ieee80211_get_channel_khz(wiphy, freq);
10887 if (!chan) {
10888 err = -EINVAL;
10889 goto out_free;
10890 }
10891
10892 /* Ignore disabled / no primary channels */
10893 if (chan->flags & IEEE80211_CHAN_DISABLED ||
10894 chan->flags & IEEE80211_CHAN_S1G_NO_PRIMARY ||
10895 !cfg80211_wdev_channel_allowed(wdev, chan))
10896 continue;
10897
10898 request->req.channels[i] = chan;
10899 i++;
10900 }
10901 } else {
10902 enum nl80211_band band;
10903
10904 /* all channels */
10905 for (band = 0; band < NUM_NL80211_BANDS; band++) {
10906 int j;
10907
10908 if (!wiphy->bands[band])
10909 continue;
10910 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
10911 struct ieee80211_channel *chan;
10912
10913 chan = &wiphy->bands[band]->channels[j];
10914
10915 if (chan->flags & IEEE80211_CHAN_DISABLED ||
10916 chan->flags &
10917 IEEE80211_CHAN_S1G_NO_PRIMARY ||
10918 !cfg80211_wdev_channel_allowed(wdev, chan))
10919 continue;
10920
10921 request->req.channels[i] = chan;
10922 i++;
10923 }
10924 }
10925 }
10926
10927 if (!i) {
10928 err = -EINVAL;
10929 goto out_free;
10930 }
10931
10932 request->req.n_channels = i;
10933
10934 for (i = 0; i < request->req.n_channels; i++) {
10935 struct ieee80211_channel *chan = request->req.channels[i];
10936
10937 /* if we can go off-channel to the target channel we're good */
10938 if (cfg80211_off_channel_oper_allowed(wdev, chan))
10939 continue;
10940
10941 if (!cfg80211_wdev_on_sub_chan(wdev, chan, true)) {
10942 err = -EBUSY;
10943 goto out_free;
10944 }
10945 }
10946
10947 i = 0;
10948 if (n_ssids) {
10949 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
10950 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
10951 err = -EINVAL;
10952 goto out_free;
10953 }
10954 request->req.ssids[i].ssid_len = nla_len(attr);
10955 memcpy(request->req.ssids[i].ssid,
10956 nla_data(attr), nla_len(attr));
10957 i++;
10958 }
10959 }
10960
10961 if (info->attrs[NL80211_ATTR_IE]) {
10962 request->req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10963 memcpy((void *)request->req.ie,
10964 nla_data(info->attrs[NL80211_ATTR_IE]),
10965 request->req.ie_len);
10966 }
10967
10968 for (i = 0; i < NUM_NL80211_BANDS; i++)
10969 if (wiphy->bands[i])
10970 request->req.rates[i] =
10971 (1 << wiphy->bands[i]->n_bitrates) - 1;
10972
10973 if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
10974 nla_for_each_nested(attr,
10975 info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
10976 tmp) {
10977 int band = nla_type(attr);
10978
10979 if (band < 0 || band >= NUM_NL80211_BANDS) {
10980 err = -EINVAL;
10981 goto out_free;
10982 }
10983
10984 if (!wiphy->bands[band])
10985 continue;
10986
10987 err = ieee80211_get_ratemask(wiphy->bands[band],
10988 nla_data(attr),
10989 nla_len(attr),
10990 &request->req.rates[band]);
10991 if (err)
10992 goto out_free;
10993 }
10994 }
10995
10996 if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
10997 request->req.duration =
10998 nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
10999 request->req.duration_mandatory =
11000 nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
11001 }
11002
11003 err = nl80211_check_scan_flags_reg(wiphy, wdev, info->attrs, request);
11004 if (err)
11005 goto out_free;
11006
11007 request->req.no_cck =
11008 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
11009
11010 /* Initial implementation used NL80211_ATTR_MAC to set the specific
11011 * BSSID to scan for. This was problematic because that same attribute
11012 * was already used for another purpose (local random MAC address). The
11013 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
11014 * compatibility with older userspace components, also use the
11015 * NL80211_ATTR_MAC value here if it can be determined to be used for
11016 * the specific BSSID use case instead of the random MAC address
11017 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
11018 */
11019 if (info->attrs[NL80211_ATTR_BSSID])
11020 memcpy(request->req.bssid,
11021 nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
11022 else if (!(request->req.flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
11023 info->attrs[NL80211_ATTR_MAC])
11024 memcpy(request->req.bssid,
11025 nla_data(info->attrs[NL80211_ATTR_MAC]),
11026 ETH_ALEN);
11027 else
11028 eth_broadcast_addr(request->req.bssid);
11029
11030 request->req.tsf_report_link_id =
11031 nl80211_link_id_or_invalid(info->attrs);
11032 request->req.wdev = wdev;
11033 request->req.wiphy = &rdev->wiphy;
11034 request->req.scan_start = jiffies;
11035
11036 rdev->scan_req = request;
11037 err = cfg80211_scan(rdev);
11038
11039 if (err)
11040 goto out_free;
11041
11042 nl80211_send_scan_start(rdev, wdev);
11043 dev_hold(wdev->netdev);
11044
11045 return 0;
11046
11047 out_free:
11048 rdev->scan_req = NULL;
11049 kfree(request);
11050
11051 return err;
11052 }
11053
nl80211_abort_scan(struct sk_buff * skb,struct genl_info * info)11054 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
11055 {
11056 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11057 struct wireless_dev *wdev = info->user_ptr[1];
11058
11059 if (!rdev->ops->abort_scan)
11060 return -EOPNOTSUPP;
11061
11062 if (rdev->scan_msg)
11063 return 0;
11064
11065 if (!rdev->scan_req)
11066 return -ENOENT;
11067
11068 rdev_abort_scan(rdev, wdev);
11069 return 0;
11070 }
11071
11072 static int
nl80211_parse_sched_scan_plans(struct wiphy * wiphy,int n_plans,struct cfg80211_sched_scan_request * request,struct nlattr ** attrs)11073 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
11074 struct cfg80211_sched_scan_request *request,
11075 struct nlattr **attrs)
11076 {
11077 int tmp, err, i = 0;
11078 struct nlattr *attr;
11079
11080 if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
11081 u32 interval;
11082
11083 /*
11084 * If scan plans are not specified,
11085 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
11086 * case one scan plan will be set with the specified scan
11087 * interval and infinite number of iterations.
11088 */
11089 interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
11090 if (!interval)
11091 return -EINVAL;
11092
11093 request->scan_plans[0].interval =
11094 DIV_ROUND_UP(interval, MSEC_PER_SEC);
11095 if (!request->scan_plans[0].interval)
11096 return -EINVAL;
11097
11098 if (request->scan_plans[0].interval >
11099 wiphy->max_sched_scan_plan_interval)
11100 request->scan_plans[0].interval =
11101 wiphy->max_sched_scan_plan_interval;
11102
11103 return 0;
11104 }
11105
11106 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
11107 struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
11108
11109 if (WARN_ON(i >= n_plans))
11110 return -EINVAL;
11111
11112 err = nla_parse_nested_deprecated(plan,
11113 NL80211_SCHED_SCAN_PLAN_MAX,
11114 attr, nl80211_plan_policy,
11115 NULL);
11116 if (err)
11117 return err;
11118
11119 if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
11120 return -EINVAL;
11121
11122 request->scan_plans[i].interval =
11123 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
11124 if (!request->scan_plans[i].interval ||
11125 request->scan_plans[i].interval >
11126 wiphy->max_sched_scan_plan_interval)
11127 return -EINVAL;
11128
11129 if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
11130 request->scan_plans[i].iterations =
11131 nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
11132 if (!request->scan_plans[i].iterations ||
11133 (request->scan_plans[i].iterations >
11134 wiphy->max_sched_scan_plan_iterations))
11135 return -EINVAL;
11136 } else if (i < n_plans - 1) {
11137 /*
11138 * All scan plans but the last one must specify
11139 * a finite number of iterations
11140 */
11141 return -EINVAL;
11142 }
11143
11144 i++;
11145 }
11146
11147 /*
11148 * The last scan plan must not specify the number of
11149 * iterations, it is supposed to run infinitely
11150 */
11151 if (request->scan_plans[n_plans - 1].iterations)
11152 return -EINVAL;
11153
11154 return 0;
11155 }
11156
11157 static struct cfg80211_sched_scan_request *
nl80211_parse_sched_scan(struct wiphy * wiphy,struct wireless_dev * wdev,struct nlattr ** attrs,int max_match_sets)11158 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
11159 struct nlattr **attrs, int max_match_sets)
11160 {
11161 struct cfg80211_sched_scan_request *request;
11162 struct nlattr *attr;
11163 int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
11164 enum nl80211_band band;
11165 size_t ie_len, size;
11166 struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
11167 s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
11168
11169 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
11170 n_channels = validate_scan_freqs(
11171 attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
11172 if (!n_channels)
11173 return ERR_PTR(-EINVAL);
11174 } else {
11175 n_channels = ieee80211_get_num_supported_channels(wiphy);
11176 }
11177
11178 if (attrs[NL80211_ATTR_SCAN_SSIDS])
11179 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
11180 tmp)
11181 n_ssids++;
11182
11183 if (n_ssids > wiphy->max_sched_scan_ssids)
11184 return ERR_PTR(-EINVAL);
11185
11186 /*
11187 * First, count the number of 'real' matchsets. Due to an issue with
11188 * the old implementation, matchsets containing only the RSSI attribute
11189 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
11190 * RSSI for all matchsets, rather than their own matchset for reporting
11191 * all APs with a strong RSSI. This is needed to be compatible with
11192 * older userspace that treated a matchset with only the RSSI as the
11193 * global RSSI for all other matchsets - if there are other matchsets.
11194 */
11195 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
11196 nla_for_each_nested(attr,
11197 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
11198 tmp) {
11199 struct nlattr *rssi;
11200
11201 err = nla_parse_nested_deprecated(tb,
11202 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
11203 attr,
11204 nl80211_match_policy,
11205 NULL);
11206 if (err)
11207 return ERR_PTR(err);
11208
11209 /* SSID and BSSID are mutually exclusive */
11210 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
11211 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
11212 return ERR_PTR(-EINVAL);
11213
11214 /* add other standalone attributes here */
11215 if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
11216 tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
11217 n_match_sets++;
11218 continue;
11219 }
11220 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
11221 if (rssi)
11222 default_match_rssi = nla_get_s32(rssi);
11223 }
11224 }
11225
11226 /* However, if there's no other matchset, add the RSSI one */
11227 if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
11228 n_match_sets = 1;
11229
11230 if (n_match_sets > max_match_sets)
11231 return ERR_PTR(-EINVAL);
11232
11233 if (attrs[NL80211_ATTR_IE])
11234 ie_len = nla_len(attrs[NL80211_ATTR_IE]);
11235 else
11236 ie_len = 0;
11237
11238 if (ie_len > wiphy->max_sched_scan_ie_len)
11239 return ERR_PTR(-EINVAL);
11240
11241 if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
11242 /*
11243 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
11244 * each scan plan already specifies its own interval
11245 */
11246 if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
11247 return ERR_PTR(-EINVAL);
11248
11249 nla_for_each_nested(attr,
11250 attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
11251 n_plans++;
11252 } else {
11253 /*
11254 * The scan interval attribute is kept for backward
11255 * compatibility. If no scan plans are specified and sched scan
11256 * interval is specified, one scan plan will be set with this
11257 * scan interval and infinite number of iterations.
11258 */
11259 if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
11260 return ERR_PTR(-EINVAL);
11261
11262 n_plans = 1;
11263 }
11264
11265 if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
11266 return ERR_PTR(-EINVAL);
11267
11268 if (!wiphy_ext_feature_isset(
11269 wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
11270 (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
11271 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
11272 return ERR_PTR(-EINVAL);
11273
11274 size = struct_size(request, channels, n_channels);
11275 size = size_add(size, array_size(sizeof(*request->ssids), n_ssids));
11276 size = size_add(size, array_size(sizeof(*request->match_sets),
11277 n_match_sets));
11278 size = size_add(size, array_size(sizeof(*request->scan_plans),
11279 n_plans));
11280 size = size_add(size, ie_len);
11281 request = kzalloc(size, GFP_KERNEL);
11282 if (!request)
11283 return ERR_PTR(-ENOMEM);
11284 request->n_channels = n_channels;
11285
11286 if (n_ssids)
11287 request->ssids = (void *)request +
11288 struct_size(request, channels, n_channels);
11289 request->n_ssids = n_ssids;
11290 if (ie_len) {
11291 if (n_ssids)
11292 request->ie = (void *)(request->ssids + n_ssids);
11293 else
11294 request->ie = (void *)(request->channels + n_channels);
11295 }
11296
11297 if (n_match_sets) {
11298 if (request->ie)
11299 request->match_sets = (void *)(request->ie + ie_len);
11300 else if (n_ssids)
11301 request->match_sets =
11302 (void *)(request->ssids + n_ssids);
11303 else
11304 request->match_sets =
11305 (void *)(request->channels + n_channels);
11306 }
11307 request->n_match_sets = n_match_sets;
11308
11309 if (n_match_sets)
11310 request->scan_plans = (void *)(request->match_sets +
11311 n_match_sets);
11312 else if (request->ie)
11313 request->scan_plans = (void *)(request->ie + ie_len);
11314 else if (n_ssids)
11315 request->scan_plans = (void *)(request->ssids + n_ssids);
11316 else
11317 request->scan_plans = (void *)(request->channels + n_channels);
11318
11319 request->n_scan_plans = n_plans;
11320
11321 i = 0;
11322 if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
11323 /* user specified, bail out if channel not found */
11324 nla_for_each_nested(attr,
11325 attrs[NL80211_ATTR_SCAN_FREQUENCIES],
11326 tmp) {
11327 struct ieee80211_channel *chan;
11328
11329 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
11330
11331 if (!chan) {
11332 err = -EINVAL;
11333 goto out_free;
11334 }
11335
11336 /* ignore disabled channels */
11337 if (chan->flags & IEEE80211_CHAN_DISABLED)
11338 continue;
11339
11340 request->channels[i] = chan;
11341 i++;
11342 }
11343 } else {
11344 /* all channels */
11345 for (band = 0; band < NUM_NL80211_BANDS; band++) {
11346 int j;
11347
11348 if (!wiphy->bands[band])
11349 continue;
11350 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
11351 struct ieee80211_channel *chan;
11352
11353 chan = &wiphy->bands[band]->channels[j];
11354
11355 if (chan->flags & IEEE80211_CHAN_DISABLED)
11356 continue;
11357
11358 request->channels[i] = chan;
11359 i++;
11360 }
11361 }
11362 }
11363
11364 if (!i) {
11365 err = -EINVAL;
11366 goto out_free;
11367 }
11368
11369 request->n_channels = i;
11370
11371 i = 0;
11372 if (n_ssids) {
11373 nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
11374 tmp) {
11375 if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
11376 err = -EINVAL;
11377 goto out_free;
11378 }
11379 request->ssids[i].ssid_len = nla_len(attr);
11380 memcpy(request->ssids[i].ssid, nla_data(attr),
11381 nla_len(attr));
11382 i++;
11383 }
11384 }
11385
11386 i = 0;
11387 if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
11388 nla_for_each_nested(attr,
11389 attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
11390 tmp) {
11391 struct nlattr *ssid, *bssid, *rssi;
11392
11393 err = nla_parse_nested_deprecated(tb,
11394 NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
11395 attr,
11396 nl80211_match_policy,
11397 NULL);
11398 if (err)
11399 goto out_free;
11400 ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
11401 bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
11402
11403 if (!ssid && !bssid) {
11404 i++;
11405 continue;
11406 }
11407
11408 if (WARN_ON(i >= n_match_sets)) {
11409 /* this indicates a programming error,
11410 * the loop above should have verified
11411 * things properly
11412 */
11413 err = -EINVAL;
11414 goto out_free;
11415 }
11416
11417 if (ssid) {
11418 memcpy(request->match_sets[i].ssid.ssid,
11419 nla_data(ssid), nla_len(ssid));
11420 request->match_sets[i].ssid.ssid_len =
11421 nla_len(ssid);
11422 }
11423 if (bssid)
11424 memcpy(request->match_sets[i].bssid,
11425 nla_data(bssid), ETH_ALEN);
11426
11427 /* special attribute - old implementation w/a */
11428 request->match_sets[i].rssi_thold = default_match_rssi;
11429 rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
11430 if (rssi)
11431 request->match_sets[i].rssi_thold =
11432 nla_get_s32(rssi);
11433 i++;
11434 }
11435
11436 /* there was no other matchset, so the RSSI one is alone */
11437 if (i == 0 && n_match_sets)
11438 request->match_sets[0].rssi_thold = default_match_rssi;
11439
11440 request->min_rssi_thold = INT_MAX;
11441 for (i = 0; i < n_match_sets; i++)
11442 request->min_rssi_thold =
11443 min(request->match_sets[i].rssi_thold,
11444 request->min_rssi_thold);
11445 } else {
11446 request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
11447 }
11448
11449 if (ie_len) {
11450 request->ie_len = ie_len;
11451 memcpy((void *)request->ie,
11452 nla_data(attrs[NL80211_ATTR_IE]),
11453 request->ie_len);
11454 }
11455
11456 err = nl80211_check_scan_flags_sched(wiphy, wdev, attrs, request);
11457 if (err)
11458 goto out_free;
11459
11460 if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
11461 request->delay =
11462 nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
11463
11464 if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
11465 request->relative_rssi = nla_get_s8(
11466 attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
11467 request->relative_rssi_set = true;
11468 }
11469
11470 if (request->relative_rssi_set &&
11471 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
11472 struct nl80211_bss_select_rssi_adjust *rssi_adjust;
11473
11474 rssi_adjust = nla_data(
11475 attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
11476 request->rssi_adjust.band = rssi_adjust->band;
11477 request->rssi_adjust.delta = rssi_adjust->delta;
11478 if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
11479 err = -EINVAL;
11480 goto out_free;
11481 }
11482 }
11483
11484 err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
11485 if (err)
11486 goto out_free;
11487
11488 request->scan_start = jiffies;
11489
11490 return request;
11491
11492 out_free:
11493 kfree(request);
11494 return ERR_PTR(err);
11495 }
11496
nl80211_start_sched_scan(struct sk_buff * skb,struct genl_info * info)11497 static int nl80211_start_sched_scan(struct sk_buff *skb,
11498 struct genl_info *info)
11499 {
11500 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11501 struct net_device *dev = info->user_ptr[1];
11502 struct wireless_dev *wdev = dev->ieee80211_ptr;
11503 struct cfg80211_sched_scan_request *sched_scan_req;
11504 bool want_multi;
11505 int err;
11506
11507 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
11508 return -EOPNOTSUPP;
11509
11510 want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
11511 err = cfg80211_sched_scan_req_possible(rdev, want_multi);
11512 if (err)
11513 return err;
11514
11515 sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
11516 info->attrs,
11517 rdev->wiphy.max_match_sets);
11518
11519 err = PTR_ERR_OR_ZERO(sched_scan_req);
11520 if (err)
11521 goto out_err;
11522
11523 /* leave request id zero for legacy request
11524 * or if driver does not support multi-scheduled scan
11525 */
11526 if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1)
11527 sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
11528
11529 err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
11530 if (err)
11531 goto out_free;
11532
11533 sched_scan_req->dev = dev;
11534 sched_scan_req->wiphy = &rdev->wiphy;
11535
11536 if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
11537 sched_scan_req->owner_nlportid = info->snd_portid;
11538
11539 cfg80211_add_sched_scan_req(rdev, sched_scan_req);
11540
11541 nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
11542 return 0;
11543
11544 out_free:
11545 kfree(sched_scan_req);
11546 out_err:
11547 return err;
11548 }
11549
nl80211_stop_sched_scan(struct sk_buff * skb,struct genl_info * info)11550 static int nl80211_stop_sched_scan(struct sk_buff *skb,
11551 struct genl_info *info)
11552 {
11553 struct cfg80211_sched_scan_request *req;
11554 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11555 u64 cookie;
11556
11557 if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
11558 return -EOPNOTSUPP;
11559
11560 if (info->attrs[NL80211_ATTR_COOKIE]) {
11561 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
11562 return __cfg80211_stop_sched_scan(rdev, cookie, false);
11563 }
11564
11565 req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
11566 struct cfg80211_sched_scan_request,
11567 list);
11568 if (!req || req->reqid ||
11569 (req->owner_nlportid &&
11570 req->owner_nlportid != info->snd_portid))
11571 return -ENOENT;
11572
11573 return cfg80211_stop_sched_scan_req(rdev, req, false);
11574 }
11575
nl80211_start_radar_detection(struct sk_buff * skb,struct genl_info * info)11576 static int nl80211_start_radar_detection(struct sk_buff *skb,
11577 struct genl_info *info)
11578 {
11579 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11580 struct net_device *dev = info->user_ptr[1];
11581 struct wireless_dev *wdev = dev->ieee80211_ptr;
11582 int link_id = nl80211_link_id(info->attrs);
11583 struct wiphy *wiphy = wdev->wiphy;
11584 struct cfg80211_chan_def chandef;
11585 enum nl80211_dfs_regions dfs_region;
11586 unsigned int cac_time_ms;
11587 int err;
11588
11589 flush_delayed_work(&rdev->dfs_update_channels_wk);
11590
11591 switch (wdev->iftype) {
11592 case NL80211_IFTYPE_AP:
11593 case NL80211_IFTYPE_P2P_GO:
11594 case NL80211_IFTYPE_MESH_POINT:
11595 case NL80211_IFTYPE_ADHOC:
11596 break;
11597 default:
11598 /* caution - see cfg80211_beaconing_iface_active() below */
11599 return -EINVAL;
11600 }
11601
11602 guard(wiphy)(wiphy);
11603
11604 dfs_region = reg_get_dfs_region(wiphy);
11605 if (dfs_region == NL80211_DFS_UNSET)
11606 return -EINVAL;
11607
11608 err = nl80211_parse_chandef(rdev, info->extack, info->attrs, &chandef);
11609 if (err)
11610 return err;
11611
11612 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
11613 if (err < 0)
11614 return err;
11615
11616 if (err == 0)
11617 return -EINVAL;
11618
11619 if (!cfg80211_chandef_dfs_usable(wiphy, &chandef))
11620 return -EINVAL;
11621
11622 if (nla_get_flag(info->attrs[NL80211_ATTR_RADAR_BACKGROUND]))
11623 return cfg80211_start_background_radar_detection(rdev, wdev,
11624 &chandef);
11625
11626 if (cfg80211_beaconing_iface_active(wdev)) {
11627 /* During MLO other link(s) can beacon, only the current link
11628 * can not already beacon
11629 */
11630 if (wdev->valid_links &&
11631 !wdev->links[link_id].ap.beacon_interval) {
11632 /* nothing */
11633 } else {
11634 return -EBUSY;
11635 }
11636 }
11637
11638 if (wdev->links[link_id].cac_started)
11639 return -EBUSY;
11640
11641 /* CAC start is offloaded to HW and can't be started manually */
11642 if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD))
11643 return -EOPNOTSUPP;
11644
11645 if (!rdev->ops->start_radar_detection)
11646 return -EOPNOTSUPP;
11647
11648 cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
11649 if (WARN_ON(!cac_time_ms))
11650 cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
11651
11652 err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms,
11653 link_id);
11654 if (err)
11655 return err;
11656
11657 switch (wdev->iftype) {
11658 case NL80211_IFTYPE_AP:
11659 case NL80211_IFTYPE_P2P_GO:
11660 wdev->links[link_id].ap.chandef = chandef;
11661 break;
11662 case NL80211_IFTYPE_ADHOC:
11663 wdev->u.ibss.chandef = chandef;
11664 break;
11665 case NL80211_IFTYPE_MESH_POINT:
11666 wdev->u.mesh.chandef = chandef;
11667 break;
11668 default:
11669 break;
11670 }
11671 wdev->links[link_id].cac_started = true;
11672 wdev->links[link_id].cac_start_time = jiffies;
11673 wdev->links[link_id].cac_time_ms = cac_time_ms;
11674 cfg80211_set_cac_state(wiphy, &chandef, true);
11675
11676 return 0;
11677 }
11678
nl80211_notify_radar_detection(struct sk_buff * skb,struct genl_info * info)11679 static int nl80211_notify_radar_detection(struct sk_buff *skb,
11680 struct genl_info *info)
11681 {
11682 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11683 struct net_device *dev = info->user_ptr[1];
11684 struct wireless_dev *wdev = dev->ieee80211_ptr;
11685 struct wiphy *wiphy = wdev->wiphy;
11686 struct cfg80211_chan_def chandef;
11687 enum nl80211_dfs_regions dfs_region;
11688 int err;
11689
11690 dfs_region = reg_get_dfs_region(wiphy);
11691 if (dfs_region == NL80211_DFS_UNSET) {
11692 GENL_SET_ERR_MSG(info,
11693 "DFS Region is not set. Unexpected Radar indication");
11694 return -EINVAL;
11695 }
11696
11697 err = nl80211_parse_chandef(rdev, info->extack, info->attrs, &chandef);
11698 if (err) {
11699 GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
11700 return err;
11701 }
11702
11703 err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
11704 if (err < 0) {
11705 GENL_SET_ERR_MSG(info, "chandef is invalid");
11706 return err;
11707 }
11708
11709 if (err == 0) {
11710 GENL_SET_ERR_MSG(info,
11711 "Unexpected Radar indication for chandef/iftype");
11712 return -EINVAL;
11713 }
11714
11715 /* Do not process this notification if radar is already detected
11716 * by kernel on this channel, and return success.
11717 */
11718 if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
11719 return 0;
11720
11721 cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
11722
11723 cfg80211_sched_dfs_chan_update(rdev);
11724
11725 rdev->radar_chandef = chandef;
11726
11727 /* Propagate this notification to other radios as well */
11728 queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
11729
11730 return 0;
11731 }
11732
nl80211_parse_counter_offsets(struct cfg80211_registered_device * rdev,const u8 * data,size_t datalen,int first_count,struct nlattr * attr,const u16 ** offsets,unsigned int * n_offsets)11733 static int nl80211_parse_counter_offsets(struct cfg80211_registered_device *rdev,
11734 const u8 *data, size_t datalen,
11735 int first_count, struct nlattr *attr,
11736 const u16 **offsets, unsigned int *n_offsets)
11737 {
11738 int i;
11739
11740 *n_offsets = 0;
11741
11742 if (!attr)
11743 return 0;
11744
11745 if (!nla_len(attr) || (nla_len(attr) % sizeof(u16)))
11746 return -EINVAL;
11747
11748 *n_offsets = nla_len(attr) / sizeof(u16);
11749 if (rdev->wiphy.max_num_csa_counters &&
11750 (*n_offsets > rdev->wiphy.max_num_csa_counters))
11751 return -EINVAL;
11752
11753 *offsets = nla_data(attr);
11754
11755 /* sanity checks - counters should fit and be the same */
11756 for (i = 0; i < *n_offsets; i++) {
11757 u16 offset = (*offsets)[i];
11758
11759 if (offset >= datalen)
11760 return -EINVAL;
11761
11762 if (first_count != -1 && data[offset] != first_count)
11763 return -EINVAL;
11764 }
11765
11766 return 0;
11767 }
11768
nl80211_channel_switch(struct sk_buff * skb,struct genl_info * info)11769 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
11770 {
11771 struct cfg80211_registered_device *rdev = info->user_ptr[0];
11772 unsigned int link_id = nl80211_link_id(info->attrs);
11773 struct net_device *dev = info->user_ptr[1];
11774 struct wireless_dev *wdev = dev->ieee80211_ptr;
11775 struct cfg80211_csa_settings params;
11776 struct nlattr **csa_attrs = NULL;
11777 int err;
11778 bool need_new_beacon = false;
11779 bool need_handle_dfs_flag = true;
11780 u32 cs_count;
11781
11782 if (!rdev->ops->channel_switch ||
11783 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
11784 return -EOPNOTSUPP;
11785
11786 switch (dev->ieee80211_ptr->iftype) {
11787 case NL80211_IFTYPE_AP:
11788 case NL80211_IFTYPE_P2P_GO:
11789 need_new_beacon = true;
11790 /* For all modes except AP the handle_dfs flag needs to be
11791 * supplied to tell the kernel that userspace will handle radar
11792 * events when they happen. Otherwise a switch to a channel
11793 * requiring DFS will be rejected.
11794 */
11795 need_handle_dfs_flag = false;
11796
11797 /* useless if AP is not running */
11798 if (!wdev->links[link_id].ap.beacon_interval)
11799 return -ENOTCONN;
11800 break;
11801 case NL80211_IFTYPE_ADHOC:
11802 if (!wdev->u.ibss.ssid_len)
11803 return -ENOTCONN;
11804 break;
11805 case NL80211_IFTYPE_MESH_POINT:
11806 if (!wdev->u.mesh.id_len)
11807 return -ENOTCONN;
11808 break;
11809 default:
11810 return -EOPNOTSUPP;
11811 }
11812
11813 memset(¶ms, 0, sizeof(params));
11814 params.beacon_csa.ftm_responder = -1;
11815
11816 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
11817 !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
11818 return -EINVAL;
11819
11820 /* only important for AP, IBSS and mesh create IEs internally */
11821 if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
11822 return -EINVAL;
11823
11824 /* Even though the attribute is u32, the specification says
11825 * u8, so let's make sure we don't overflow.
11826 */
11827 cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
11828 if (cs_count > 255)
11829 return -EINVAL;
11830
11831 params.count = cs_count;
11832
11833 if (!need_new_beacon)
11834 goto skip_beacons;
11835
11836 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon_after,
11837 info->extack);
11838 if (err)
11839 goto free;
11840
11841 csa_attrs = kzalloc_objs(*csa_attrs, NL80211_ATTR_MAX + 1);
11842 if (!csa_attrs) {
11843 err = -ENOMEM;
11844 goto free;
11845 }
11846
11847 err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
11848 info->attrs[NL80211_ATTR_CSA_IES],
11849 nl80211_policy, info->extack);
11850 if (err)
11851 goto free;
11852
11853 err = nl80211_parse_beacon(rdev, csa_attrs, ¶ms.beacon_csa,
11854 info->extack);
11855 if (err)
11856 goto free;
11857
11858 if (!csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
11859 err = -EINVAL;
11860 goto free;
11861 }
11862
11863 err = nl80211_parse_counter_offsets(rdev, params.beacon_csa.tail,
11864 params.beacon_csa.tail_len,
11865 params.count,
11866 csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON],
11867 ¶ms.counter_offsets_beacon,
11868 ¶ms.n_counter_offsets_beacon);
11869 if (err)
11870 goto free;
11871
11872 err = nl80211_parse_counter_offsets(rdev, params.beacon_csa.probe_resp,
11873 params.beacon_csa.probe_resp_len,
11874 params.count,
11875 csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP],
11876 ¶ms.counter_offsets_presp,
11877 ¶ms.n_counter_offsets_presp);
11878 if (err)
11879 goto free;
11880
11881 skip_beacons:
11882 err = nl80211_parse_chandef(rdev, info->extack, info->attrs,
11883 ¶ms.chandef);
11884 if (err)
11885 goto free;
11886
11887 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, ¶ms.chandef,
11888 wdev->iftype)) {
11889 err = -EINVAL;
11890 goto free;
11891 }
11892
11893 err = cfg80211_chandef_dfs_required(wdev->wiphy,
11894 ¶ms.chandef,
11895 wdev->iftype);
11896 if (err < 0)
11897 goto free;
11898
11899 if (err > 0) {
11900 params.radar_required = true;
11901 if (need_handle_dfs_flag &&
11902 !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
11903 err = -EINVAL;
11904 goto free;
11905 }
11906 }
11907
11908 if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
11909 params.block_tx = true;
11910
11911 if ((wdev->iftype == NL80211_IFTYPE_AP ||
11912 wdev->iftype == NL80211_IFTYPE_P2P_GO) &&
11913 info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
11914 err = nl80211_parse_unsol_bcast_probe_resp(
11915 rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
11916 ¶ms.unsol_bcast_probe_resp);
11917 if (err)
11918 goto free;
11919 }
11920
11921 params.link_id = link_id;
11922 err = rdev_channel_switch(rdev, dev, ¶ms);
11923
11924 free:
11925 kfree(params.beacon_after.mbssid_ies);
11926 kfree(params.beacon_csa.mbssid_ies);
11927 kfree(params.beacon_after.rnr_ies);
11928 kfree(params.beacon_csa.rnr_ies);
11929 kfree(csa_attrs);
11930 return err;
11931 }
11932
nl80211_send_bss(struct sk_buff * msg,struct netlink_callback * cb,u32 seq,int flags,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,struct cfg80211_internal_bss * intbss)11933 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
11934 u32 seq, int flags,
11935 struct cfg80211_registered_device *rdev,
11936 struct wireless_dev *wdev,
11937 struct cfg80211_internal_bss *intbss)
11938 {
11939 struct cfg80211_bss *res = &intbss->pub;
11940 const struct cfg80211_bss_ies *ies;
11941 unsigned int link_id;
11942 void *hdr;
11943 struct nlattr *bss;
11944
11945 lockdep_assert_wiphy(wdev->wiphy);
11946
11947 hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
11948 NL80211_CMD_NEW_SCAN_RESULTS);
11949 if (!hdr)
11950 return -1;
11951
11952 genl_dump_check_consistent(cb, hdr);
11953
11954 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
11955 goto nla_put_failure;
11956 if (wdev->netdev &&
11957 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
11958 goto nla_put_failure;
11959 if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
11960 NL80211_ATTR_PAD))
11961 goto nla_put_failure;
11962
11963 bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
11964 if (!bss)
11965 goto nla_put_failure;
11966 if ((!is_zero_ether_addr(res->bssid) &&
11967 nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
11968 goto nla_put_failure;
11969
11970 rcu_read_lock();
11971 /* indicate whether we have probe response data or not */
11972 if (rcu_access_pointer(res->proberesp_ies) &&
11973 nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
11974 goto fail_unlock_rcu;
11975
11976 /* this pointer prefers to be pointed to probe response data
11977 * but is always valid
11978 */
11979 ies = rcu_dereference(res->ies);
11980 if (ies) {
11981 if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
11982 NL80211_BSS_PAD))
11983 goto fail_unlock_rcu;
11984 if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
11985 ies->len, ies->data))
11986 goto fail_unlock_rcu;
11987 }
11988
11989 /* and this pointer is always (unless driver didn't know) beacon data */
11990 ies = rcu_dereference(res->beacon_ies);
11991 if (ies && ies->from_beacon) {
11992 if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
11993 NL80211_BSS_PAD))
11994 goto fail_unlock_rcu;
11995 if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
11996 ies->len, ies->data))
11997 goto fail_unlock_rcu;
11998 }
11999 rcu_read_unlock();
12000
12001 if (res->beacon_interval &&
12002 nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
12003 goto nla_put_failure;
12004 if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
12005 nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
12006 nla_put_u32(msg, NL80211_BSS_FREQUENCY_OFFSET,
12007 res->channel->freq_offset) ||
12008 nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
12009 jiffies_to_msecs(jiffies - intbss->ts)))
12010 goto nla_put_failure;
12011
12012 if (intbss->parent_tsf &&
12013 (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
12014 intbss->parent_tsf, NL80211_BSS_PAD) ||
12015 nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
12016 intbss->parent_bssid)))
12017 goto nla_put_failure;
12018
12019 if (res->ts_boottime &&
12020 nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
12021 res->ts_boottime, NL80211_BSS_PAD))
12022 goto nla_put_failure;
12023
12024 if (!nl80211_put_signal(msg, intbss->pub.chains,
12025 intbss->pub.chain_signal,
12026 NL80211_BSS_CHAIN_SIGNAL))
12027 goto nla_put_failure;
12028
12029 if (intbss->bss_source != BSS_SOURCE_STA_PROFILE) {
12030 switch (rdev->wiphy.signal_type) {
12031 case CFG80211_SIGNAL_TYPE_MBM:
12032 if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM,
12033 res->signal))
12034 goto nla_put_failure;
12035 break;
12036 case CFG80211_SIGNAL_TYPE_UNSPEC:
12037 if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC,
12038 res->signal))
12039 goto nla_put_failure;
12040 break;
12041 default:
12042 break;
12043 }
12044 }
12045
12046 switch (wdev->iftype) {
12047 case NL80211_IFTYPE_P2P_CLIENT:
12048 case NL80211_IFTYPE_STATION:
12049 for_each_valid_link(wdev, link_id) {
12050 if (intbss == wdev->links[link_id].client.current_bss &&
12051 (nla_put_u32(msg, NL80211_BSS_STATUS,
12052 NL80211_BSS_STATUS_ASSOCIATED) ||
12053 (wdev->valid_links &&
12054 (nla_put_u8(msg, NL80211_BSS_MLO_LINK_ID,
12055 link_id) ||
12056 nla_put(msg, NL80211_BSS_MLD_ADDR, ETH_ALEN,
12057 wdev->u.client.connected_addr)))))
12058 goto nla_put_failure;
12059 }
12060 break;
12061 case NL80211_IFTYPE_ADHOC:
12062 if (intbss == wdev->u.ibss.current_bss &&
12063 nla_put_u32(msg, NL80211_BSS_STATUS,
12064 NL80211_BSS_STATUS_IBSS_JOINED))
12065 goto nla_put_failure;
12066 break;
12067 default:
12068 break;
12069 }
12070
12071 if (nla_put_u32(msg, NL80211_BSS_USE_FOR, res->use_for))
12072 goto nla_put_failure;
12073
12074 if (res->cannot_use_reasons &&
12075 nla_put_u64_64bit(msg, NL80211_BSS_CANNOT_USE_REASONS,
12076 res->cannot_use_reasons,
12077 NL80211_BSS_PAD))
12078 goto nla_put_failure;
12079
12080 nla_nest_end(msg, bss);
12081
12082 genlmsg_end(msg, hdr);
12083 return 0;
12084
12085 fail_unlock_rcu:
12086 rcu_read_unlock();
12087 nla_put_failure:
12088 genlmsg_cancel(msg, hdr);
12089 return -EMSGSIZE;
12090 }
12091
nl80211_dump_scan(struct sk_buff * skb,struct netlink_callback * cb)12092 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
12093 {
12094 struct cfg80211_registered_device *rdev;
12095 struct cfg80211_internal_bss *scan;
12096 struct wireless_dev *wdev;
12097 struct nlattr **attrbuf;
12098 int start = cb->args[2], idx = 0;
12099 bool dump_include_use_data;
12100 int err;
12101
12102 attrbuf = kzalloc_objs(*attrbuf, NUM_NL80211_ATTR);
12103 if (!attrbuf)
12104 return -ENOMEM;
12105
12106 err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf);
12107 if (err) {
12108 kfree(attrbuf);
12109 return err;
12110 }
12111 /* nl80211_prepare_wdev_dump acquired it in the successful case */
12112 __acquire(&rdev->wiphy.mtx);
12113
12114 dump_include_use_data =
12115 attrbuf[NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA];
12116 kfree(attrbuf);
12117
12118 spin_lock_bh(&rdev->bss_lock);
12119
12120 /*
12121 * dump_scan will be called multiple times to break up the scan results
12122 * into multiple messages. It is unlikely that any more bss-es will be
12123 * expired after the first call, so only call only call this on the
12124 * first dump_scan invocation.
12125 */
12126 if (start == 0)
12127 cfg80211_bss_expire(rdev);
12128
12129 cb->seq = rdev->bss_generation;
12130
12131 list_for_each_entry(scan, &rdev->bss_list, list) {
12132 if (++idx <= start)
12133 continue;
12134 if (!dump_include_use_data &&
12135 !(scan->pub.use_for & NL80211_BSS_USE_FOR_NORMAL))
12136 continue;
12137 if (nl80211_send_bss(skb, cb,
12138 cb->nlh->nlmsg_seq, NLM_F_MULTI,
12139 rdev, wdev, scan) < 0) {
12140 idx--;
12141 break;
12142 }
12143 }
12144
12145 spin_unlock_bh(&rdev->bss_lock);
12146
12147 cb->args[2] = idx;
12148 wiphy_unlock(&rdev->wiphy);
12149
12150 return skb->len;
12151 }
12152
nl80211_send_survey(struct sk_buff * msg,u32 portid,u32 seq,int flags,struct net_device * dev,bool allow_radio_stats,struct survey_info * survey)12153 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
12154 int flags, struct net_device *dev,
12155 bool allow_radio_stats,
12156 struct survey_info *survey)
12157 {
12158 void *hdr;
12159 struct nlattr *infoattr;
12160
12161 /* skip radio stats if userspace didn't request them */
12162 if (!survey->channel && !allow_radio_stats)
12163 return 0;
12164
12165 hdr = nl80211hdr_put(msg, portid, seq, flags,
12166 NL80211_CMD_NEW_SURVEY_RESULTS);
12167 if (!hdr)
12168 return -ENOMEM;
12169
12170 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
12171 goto nla_put_failure;
12172
12173 infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
12174 if (!infoattr)
12175 goto nla_put_failure;
12176
12177 if (survey->channel &&
12178 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
12179 survey->channel->center_freq))
12180 goto nla_put_failure;
12181
12182 if (survey->channel && survey->channel->freq_offset &&
12183 nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY_OFFSET,
12184 survey->channel->freq_offset))
12185 goto nla_put_failure;
12186
12187 if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
12188 nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
12189 goto nla_put_failure;
12190 if ((survey->filled & SURVEY_INFO_IN_USE) &&
12191 nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
12192 goto nla_put_failure;
12193 if ((survey->filled & SURVEY_INFO_TIME) &&
12194 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
12195 survey->time, NL80211_SURVEY_INFO_PAD))
12196 goto nla_put_failure;
12197 if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
12198 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
12199 survey->time_busy, NL80211_SURVEY_INFO_PAD))
12200 goto nla_put_failure;
12201 if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
12202 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
12203 survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
12204 goto nla_put_failure;
12205 if ((survey->filled & SURVEY_INFO_TIME_RX) &&
12206 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
12207 survey->time_rx, NL80211_SURVEY_INFO_PAD))
12208 goto nla_put_failure;
12209 if ((survey->filled & SURVEY_INFO_TIME_TX) &&
12210 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
12211 survey->time_tx, NL80211_SURVEY_INFO_PAD))
12212 goto nla_put_failure;
12213 if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
12214 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
12215 survey->time_scan, NL80211_SURVEY_INFO_PAD))
12216 goto nla_put_failure;
12217 if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) &&
12218 nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX,
12219 survey->time_bss_rx, NL80211_SURVEY_INFO_PAD))
12220 goto nla_put_failure;
12221
12222 nla_nest_end(msg, infoattr);
12223
12224 genlmsg_end(msg, hdr);
12225 return 0;
12226
12227 nla_put_failure:
12228 genlmsg_cancel(msg, hdr);
12229 return -EMSGSIZE;
12230 }
12231
nl80211_dump_survey(struct sk_buff * skb,struct netlink_callback * cb)12232 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
12233 {
12234 struct nlattr **attrbuf;
12235 struct survey_info survey;
12236 struct cfg80211_registered_device *rdev;
12237 struct wireless_dev *wdev;
12238 int survey_idx = cb->args[2];
12239 int res;
12240 bool radio_stats;
12241
12242 attrbuf = kzalloc_objs(*attrbuf, NUM_NL80211_ATTR);
12243 if (!attrbuf)
12244 return -ENOMEM;
12245
12246 res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev, attrbuf);
12247 if (res) {
12248 kfree(attrbuf);
12249 return res;
12250 }
12251 /* nl80211_prepare_wdev_dump acquired it in the successful case */
12252 __acquire(&rdev->wiphy.mtx);
12253
12254 /* prepare_wdev_dump parsed the attributes */
12255 radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
12256
12257 if (!wdev->netdev) {
12258 res = -EINVAL;
12259 goto out_err;
12260 }
12261
12262 if (!rdev->ops->dump_survey) {
12263 res = -EOPNOTSUPP;
12264 goto out_err;
12265 }
12266
12267 while (1) {
12268 res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
12269 if (res == -ENOENT)
12270 break;
12271 if (res)
12272 goto out_err;
12273
12274 /* don't send disabled channels, but do send non-channel data */
12275 if (survey.channel &&
12276 survey.channel->flags & IEEE80211_CHAN_DISABLED) {
12277 survey_idx++;
12278 continue;
12279 }
12280
12281 if (nl80211_send_survey(skb,
12282 NETLINK_CB(cb->skb).portid,
12283 cb->nlh->nlmsg_seq, NLM_F_MULTI,
12284 wdev->netdev, radio_stats, &survey) < 0)
12285 goto out;
12286 survey_idx++;
12287 }
12288
12289 out:
12290 cb->args[2] = survey_idx;
12291 res = skb->len;
12292 out_err:
12293 kfree(attrbuf);
12294 wiphy_unlock(&rdev->wiphy);
12295 return res;
12296 }
12297
nl80211_authenticate(struct sk_buff * skb,struct genl_info * info)12298 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
12299 {
12300 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12301 struct net_device *dev = info->user_ptr[1];
12302 struct ieee80211_channel *chan;
12303 const u8 *bssid, *ssid;
12304 int err, ssid_len;
12305 enum nl80211_auth_type auth_type;
12306 struct key_parse key;
12307 bool local_state_change;
12308 struct cfg80211_auth_request req = {};
12309 u32 freq;
12310
12311 if (!info->attrs[NL80211_ATTR_MAC])
12312 return -EINVAL;
12313
12314 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
12315 return -EINVAL;
12316
12317 if (!info->attrs[NL80211_ATTR_SSID])
12318 return -EINVAL;
12319
12320 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
12321 return -EINVAL;
12322
12323 err = nl80211_parse_key(info, &key);
12324 if (err)
12325 return err;
12326
12327 if (key.idx >= 0) {
12328 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
12329 return -EINVAL;
12330 if (!key.p.key || !key.p.key_len)
12331 return -EINVAL;
12332 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
12333 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
12334 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
12335 key.p.key_len != WLAN_KEY_LEN_WEP104))
12336 return -EINVAL;
12337 if (key.idx > 3)
12338 return -EINVAL;
12339 } else {
12340 key.p.key_len = 0;
12341 key.p.key = NULL;
12342 }
12343
12344 if (key.idx >= 0) {
12345 int i;
12346 bool ok = false;
12347
12348 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
12349 if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
12350 ok = true;
12351 break;
12352 }
12353 }
12354 if (!ok)
12355 return -EINVAL;
12356 }
12357
12358 if (!rdev->ops->auth)
12359 return -EOPNOTSUPP;
12360
12361 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12362 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12363 return -EOPNOTSUPP;
12364
12365 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12366 freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
12367 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
12368 freq +=
12369 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
12370
12371 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
12372 if (!chan)
12373 return -EINVAL;
12374
12375 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
12376 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12377
12378 if (info->attrs[NL80211_ATTR_IE]) {
12379 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12380 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12381 }
12382
12383 if (info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]) {
12384 req.supported_selectors =
12385 nla_data(info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]);
12386 req.supported_selectors_len =
12387 nla_len(info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]);
12388 }
12389
12390 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
12391 if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
12392 return -EINVAL;
12393
12394 if ((auth_type == NL80211_AUTHTYPE_SAE ||
12395 auth_type == NL80211_AUTHTYPE_FILS_SK ||
12396 auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
12397 auth_type == NL80211_AUTHTYPE_FILS_PK ||
12398 auth_type == NL80211_AUTHTYPE_EPPKE ||
12399 auth_type == NL80211_AUTHTYPE_IEEE8021X) &&
12400 !info->attrs[NL80211_ATTR_AUTH_DATA])
12401 return -EINVAL;
12402
12403 if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
12404 if (auth_type != NL80211_AUTHTYPE_SAE &&
12405 auth_type != NL80211_AUTHTYPE_FILS_SK &&
12406 auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
12407 auth_type != NL80211_AUTHTYPE_FILS_PK &&
12408 auth_type != NL80211_AUTHTYPE_EPPKE &&
12409 auth_type != NL80211_AUTHTYPE_IEEE8021X)
12410 return -EINVAL;
12411 req.auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
12412 req.auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
12413 }
12414
12415 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
12416
12417 /*
12418 * Since we no longer track auth state, ignore
12419 * requests to only change local state.
12420 */
12421 if (local_state_change)
12422 return 0;
12423
12424 req.auth_type = auth_type;
12425 req.key = key.p.key;
12426 req.key_len = key.p.key_len;
12427 req.key_idx = key.idx;
12428 req.link_id = nl80211_link_id_or_invalid(info->attrs);
12429 if (req.link_id >= 0) {
12430 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO))
12431 return -EINVAL;
12432 if (!info->attrs[NL80211_ATTR_MLD_ADDR])
12433 return -EINVAL;
12434 req.ap_mld_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
12435 if (!is_valid_ether_addr(req.ap_mld_addr))
12436 return -EINVAL;
12437 }
12438
12439 req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,
12440 IEEE80211_BSS_TYPE_ESS,
12441 IEEE80211_PRIVACY_ANY);
12442 if (!req.bss)
12443 return -ENOENT;
12444
12445 err = cfg80211_mlme_auth(rdev, dev, &req);
12446
12447 cfg80211_put_bss(&rdev->wiphy, req.bss);
12448
12449 return err;
12450 }
12451
validate_pae_over_nl80211(struct cfg80211_registered_device * rdev,struct genl_info * info)12452 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
12453 struct genl_info *info)
12454 {
12455 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
12456 GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
12457 return -EINVAL;
12458 }
12459
12460 if (!rdev->ops->tx_control_port ||
12461 !wiphy_ext_feature_isset(&rdev->wiphy,
12462 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
12463 return -EOPNOTSUPP;
12464
12465 return 0;
12466 }
12467
nl80211_crypto_settings(struct cfg80211_registered_device * rdev,struct genl_info * info,struct cfg80211_crypto_settings * settings,int cipher_limit)12468 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
12469 struct genl_info *info,
12470 struct cfg80211_crypto_settings *settings,
12471 int cipher_limit)
12472 {
12473 memset(settings, 0, sizeof(*settings));
12474
12475 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
12476
12477 if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
12478 u16 proto;
12479
12480 proto = nla_get_u16(
12481 info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
12482 settings->control_port_ethertype = cpu_to_be16(proto);
12483 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
12484 proto != ETH_P_PAE)
12485 return -EINVAL;
12486 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
12487 settings->control_port_no_encrypt = true;
12488 } else
12489 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
12490
12491 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
12492 int r = validate_pae_over_nl80211(rdev, info);
12493
12494 if (r < 0)
12495 return r;
12496
12497 settings->control_port_over_nl80211 = true;
12498
12499 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH])
12500 settings->control_port_no_preauth = true;
12501 }
12502
12503 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
12504 void *data;
12505 int len, i;
12506
12507 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
12508 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
12509 settings->n_ciphers_pairwise = len / sizeof(u32);
12510
12511 if (len % sizeof(u32))
12512 return -EINVAL;
12513
12514 if (settings->n_ciphers_pairwise > cipher_limit)
12515 return -EINVAL;
12516
12517 memcpy(settings->ciphers_pairwise, data, len);
12518
12519 for (i = 0; i < settings->n_ciphers_pairwise; i++)
12520 if (!cfg80211_supported_cipher_suite(
12521 &rdev->wiphy,
12522 settings->ciphers_pairwise[i]))
12523 return -EINVAL;
12524 }
12525
12526 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
12527 settings->cipher_group =
12528 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
12529 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
12530 settings->cipher_group))
12531 return -EINVAL;
12532 }
12533
12534 if (info->attrs[NL80211_ATTR_WPA_VERSIONS])
12535 settings->wpa_versions =
12536 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
12537
12538 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
12539 void *data;
12540 int len;
12541
12542 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
12543 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
12544 settings->n_akm_suites = len / sizeof(u32);
12545
12546 if (len % sizeof(u32))
12547 return -EINVAL;
12548
12549 if (settings->n_akm_suites > rdev->wiphy.max_num_akm_suites)
12550 return -EINVAL;
12551
12552 memcpy(settings->akm_suites, data, len);
12553 }
12554
12555 if (info->attrs[NL80211_ATTR_PMK]) {
12556 if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
12557 return -EINVAL;
12558 if (!wiphy_ext_feature_isset(&rdev->wiphy,
12559 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) &&
12560 !wiphy_ext_feature_isset(&rdev->wiphy,
12561 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK))
12562 return -EINVAL;
12563 settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
12564 }
12565
12566 if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
12567 if (!wiphy_ext_feature_isset(&rdev->wiphy,
12568 NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
12569 !wiphy_ext_feature_isset(&rdev->wiphy,
12570 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP))
12571 return -EINVAL;
12572 settings->sae_pwd =
12573 nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
12574 settings->sae_pwd_len =
12575 nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
12576 }
12577
12578 settings->sae_pwe =
12579 nla_get_u8_default(info->attrs[NL80211_ATTR_SAE_PWE],
12580 NL80211_SAE_PWE_UNSPECIFIED);
12581
12582 return 0;
12583 }
12584
nl80211_assoc_bss(struct cfg80211_registered_device * rdev,const u8 * ssid,int ssid_len,struct nlattr ** attrs,int assoc_link_id,int link_id)12585 static struct cfg80211_bss *nl80211_assoc_bss(struct cfg80211_registered_device *rdev,
12586 const u8 *ssid, int ssid_len,
12587 struct nlattr **attrs,
12588 int assoc_link_id, int link_id)
12589 {
12590 struct ieee80211_channel *chan;
12591 struct cfg80211_bss *bss;
12592 const u8 *bssid;
12593 u32 freq, use_for = 0;
12594
12595 if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_WIPHY_FREQ])
12596 return ERR_PTR(-EINVAL);
12597
12598 bssid = nla_data(attrs[NL80211_ATTR_MAC]);
12599
12600 freq = MHZ_TO_KHZ(nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ]));
12601 if (attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
12602 freq += nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
12603
12604 chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
12605 if (!chan)
12606 return ERR_PTR(-EINVAL);
12607
12608 if (assoc_link_id >= 0)
12609 use_for = NL80211_BSS_USE_FOR_MLD_LINK;
12610 if (assoc_link_id == link_id)
12611 use_for |= NL80211_BSS_USE_FOR_NORMAL;
12612
12613 bss = __cfg80211_get_bss(&rdev->wiphy, chan, bssid,
12614 ssid, ssid_len,
12615 IEEE80211_BSS_TYPE_ESS,
12616 IEEE80211_PRIVACY_ANY,
12617 use_for);
12618 if (!bss)
12619 return ERR_PTR(-ENOENT);
12620
12621 return bss;
12622 }
12623
nl80211_process_links(struct cfg80211_registered_device * rdev,struct cfg80211_assoc_link * links,int assoc_link_id,const u8 * ssid,int ssid_len,struct genl_info * info)12624 static int nl80211_process_links(struct cfg80211_registered_device *rdev,
12625 struct cfg80211_assoc_link *links,
12626 int assoc_link_id,
12627 const u8 *ssid, int ssid_len,
12628 struct genl_info *info)
12629 {
12630 unsigned int attrsize = NUM_NL80211_ATTR * sizeof(struct nlattr *);
12631 struct nlattr **attrs __free(kfree) = kzalloc(attrsize, GFP_KERNEL);
12632 struct nlattr *link;
12633 unsigned int link_id;
12634 int rem, err;
12635
12636 if (!attrs)
12637 return -ENOMEM;
12638
12639 nla_for_each_nested(link, info->attrs[NL80211_ATTR_MLO_LINKS], rem) {
12640 memset(attrs, 0, attrsize);
12641
12642 nla_parse_nested(attrs, NL80211_ATTR_MAX, link, NULL, NULL);
12643
12644 if (!attrs[NL80211_ATTR_MLO_LINK_ID]) {
12645 NL_SET_BAD_ATTR(info->extack, link);
12646 return -EINVAL;
12647 }
12648
12649 link_id = nla_get_u8(attrs[NL80211_ATTR_MLO_LINK_ID]);
12650 /* cannot use the same link ID again */
12651 if (links[link_id].bss) {
12652 NL_SET_BAD_ATTR(info->extack, link);
12653 return -EINVAL;
12654 }
12655 links[link_id].bss =
12656 nl80211_assoc_bss(rdev, ssid, ssid_len, attrs,
12657 assoc_link_id, link_id);
12658 if (IS_ERR(links[link_id].bss)) {
12659 err = PTR_ERR(links[link_id].bss);
12660 links[link_id].bss = NULL;
12661 NL_SET_ERR_MSG_ATTR(info->extack, link,
12662 "Error fetching BSS for link");
12663 return err;
12664 }
12665
12666 if (attrs[NL80211_ATTR_IE]) {
12667 links[link_id].elems = nla_data(attrs[NL80211_ATTR_IE]);
12668 links[link_id].elems_len =
12669 nla_len(attrs[NL80211_ATTR_IE]);
12670
12671 if (cfg80211_find_elem(WLAN_EID_FRAGMENT,
12672 links[link_id].elems,
12673 links[link_id].elems_len)) {
12674 NL_SET_ERR_MSG_ATTR(info->extack,
12675 attrs[NL80211_ATTR_IE],
12676 "cannot deal with fragmentation");
12677 return -EINVAL;
12678 }
12679
12680 if (cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
12681 links[link_id].elems,
12682 links[link_id].elems_len)) {
12683 NL_SET_ERR_MSG_ATTR(info->extack,
12684 attrs[NL80211_ATTR_IE],
12685 "cannot deal with non-inheritance");
12686 return -EINVAL;
12687 }
12688 }
12689 }
12690
12691 return 0;
12692 }
12693
nl80211_associate(struct sk_buff * skb,struct genl_info * info)12694 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
12695 {
12696 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12697 struct net_device *dev = info->user_ptr[1];
12698 struct cfg80211_assoc_request req = {};
12699 const u8 *ap_addr, *ssid;
12700 unsigned int link_id;
12701 int err, ssid_len;
12702
12703 if (dev->ieee80211_ptr->conn_owner_nlportid &&
12704 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
12705 return -EPERM;
12706
12707 if (!info->attrs[NL80211_ATTR_SSID])
12708 return -EINVAL;
12709
12710 if (!rdev->ops->assoc)
12711 return -EOPNOTSUPP;
12712
12713 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12714 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12715 return -EOPNOTSUPP;
12716
12717 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
12718 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
12719
12720 if (info->attrs[NL80211_ATTR_IE]) {
12721 req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12722 req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12723
12724 if (cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
12725 req.ie, req.ie_len)) {
12726 NL_SET_ERR_MSG_ATTR(info->extack,
12727 info->attrs[NL80211_ATTR_IE],
12728 "non-inheritance makes no sense");
12729 return -EINVAL;
12730 }
12731 }
12732
12733 if (info->attrs[NL80211_ATTR_USE_MFP]) {
12734 enum nl80211_mfp mfp =
12735 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
12736 if (mfp == NL80211_MFP_REQUIRED)
12737 req.use_mfp = true;
12738 else if (mfp != NL80211_MFP_NO)
12739 return -EINVAL;
12740 }
12741
12742 if (info->attrs[NL80211_ATTR_PREV_BSSID])
12743 req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
12744
12745 if (info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]) {
12746 req.supported_selectors =
12747 nla_data(info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]);
12748 req.supported_selectors_len =
12749 nla_len(info->attrs[NL80211_ATTR_SUPPORTED_SELECTORS]);
12750 }
12751
12752 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
12753 req.flags |= ASSOC_REQ_DISABLE_HT;
12754
12755 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
12756 memcpy(&req.ht_capa_mask,
12757 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
12758 sizeof(req.ht_capa_mask));
12759
12760 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
12761 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
12762 return -EINVAL;
12763 memcpy(&req.ht_capa,
12764 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
12765 sizeof(req.ht_capa));
12766 }
12767
12768 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
12769 req.flags |= ASSOC_REQ_DISABLE_VHT;
12770
12771 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
12772 req.flags |= ASSOC_REQ_DISABLE_HE;
12773
12774 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT]))
12775 req.flags |= ASSOC_REQ_DISABLE_EHT;
12776
12777 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_UHR]))
12778 req.flags |= ASSOC_REQ_DISABLE_UHR;
12779
12780 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
12781 memcpy(&req.vht_capa_mask,
12782 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
12783 sizeof(req.vht_capa_mask));
12784
12785 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
12786 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
12787 return -EINVAL;
12788 memcpy(&req.vht_capa,
12789 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
12790 sizeof(req.vht_capa));
12791 }
12792
12793 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
12794 if (!((rdev->wiphy.features &
12795 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
12796 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
12797 !wiphy_ext_feature_isset(&rdev->wiphy,
12798 NL80211_EXT_FEATURE_RRM))
12799 return -EINVAL;
12800 req.flags |= ASSOC_REQ_USE_RRM;
12801 }
12802
12803 if (info->attrs[NL80211_ATTR_FILS_KEK]) {
12804 req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
12805 req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
12806 if (!info->attrs[NL80211_ATTR_FILS_NONCES])
12807 return -EINVAL;
12808 req.fils_nonces =
12809 nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
12810 }
12811
12812 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]) {
12813 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY])
12814 return -EINVAL;
12815 memcpy(&req.s1g_capa_mask,
12816 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]),
12817 sizeof(req.s1g_capa_mask));
12818 }
12819
12820 if (info->attrs[NL80211_ATTR_S1G_CAPABILITY]) {
12821 if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK])
12822 return -EINVAL;
12823 memcpy(&req.s1g_capa,
12824 nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]),
12825 sizeof(req.s1g_capa));
12826 }
12827
12828 if (nla_get_flag(info->attrs[NL80211_ATTR_ASSOC_SPP_AMSDU])) {
12829 if (!wiphy_ext_feature_isset(&rdev->wiphy,
12830 NL80211_EXT_FEATURE_SPP_AMSDU_SUPPORT)) {
12831 GENL_SET_ERR_MSG(info, "SPP A-MSDUs not supported");
12832 return -EINVAL;
12833 }
12834 req.flags |= ASSOC_REQ_SPP_AMSDU;
12835 }
12836
12837 req.link_id = nl80211_link_id_or_invalid(info->attrs);
12838
12839 if (info->attrs[NL80211_ATTR_MLO_LINKS]) {
12840 if (req.link_id < 0)
12841 return -EINVAL;
12842
12843 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_MLO))
12844 return -EINVAL;
12845
12846 if (info->attrs[NL80211_ATTR_MAC] ||
12847 info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
12848 !info->attrs[NL80211_ATTR_MLD_ADDR])
12849 return -EINVAL;
12850
12851 req.ap_mld_addr = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
12852 ap_addr = req.ap_mld_addr;
12853
12854 err = nl80211_process_links(rdev, req.links, req.link_id,
12855 ssid, ssid_len, info);
12856 if (err)
12857 goto free;
12858
12859 if (!req.links[req.link_id].bss) {
12860 err = -EINVAL;
12861 goto free;
12862 }
12863
12864 if (req.links[req.link_id].elems_len) {
12865 GENL_SET_ERR_MSG(info,
12866 "cannot have per-link elems on assoc link");
12867 err = -EINVAL;
12868 goto free;
12869 }
12870
12871 if (info->attrs[NL80211_ATTR_ASSOC_MLD_EXT_CAPA_OPS])
12872 req.ext_mld_capa_ops =
12873 nla_get_u16(info->attrs[NL80211_ATTR_ASSOC_MLD_EXT_CAPA_OPS]);
12874 } else {
12875 if (req.link_id >= 0)
12876 return -EINVAL;
12877
12878 req.bss = nl80211_assoc_bss(rdev, ssid, ssid_len, info->attrs,
12879 -1, -1);
12880 if (IS_ERR(req.bss))
12881 return PTR_ERR(req.bss);
12882 ap_addr = req.bss->bssid;
12883
12884 if (info->attrs[NL80211_ATTR_ASSOC_MLD_EXT_CAPA_OPS])
12885 return -EINVAL;
12886 }
12887
12888 err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
12889 if (!err) {
12890 struct nlattr *link;
12891 int rem = 0;
12892
12893 err = cfg80211_mlme_assoc(rdev, dev, &req,
12894 info->extack);
12895
12896 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
12897 dev->ieee80211_ptr->conn_owner_nlportid =
12898 info->snd_portid;
12899 memcpy(dev->ieee80211_ptr->disconnect_bssid,
12900 ap_addr, ETH_ALEN);
12901 }
12902
12903 /* Report error from first problematic link */
12904 if (info->attrs[NL80211_ATTR_MLO_LINKS]) {
12905 nla_for_each_nested(link,
12906 info->attrs[NL80211_ATTR_MLO_LINKS],
12907 rem) {
12908 struct nlattr *link_id_attr =
12909 nla_find_nested(link, NL80211_ATTR_MLO_LINK_ID);
12910
12911 if (!link_id_attr)
12912 continue;
12913
12914 link_id = nla_get_u8(link_id_attr);
12915
12916 if (link_id == req.link_id)
12917 continue;
12918
12919 if (!req.links[link_id].error ||
12920 WARN_ON(req.links[link_id].error > 0))
12921 continue;
12922
12923 WARN_ON(err >= 0);
12924
12925 NL_SET_BAD_ATTR(info->extack, link);
12926 err = req.links[link_id].error;
12927 break;
12928 }
12929 }
12930 }
12931
12932 free:
12933 for (link_id = 0; link_id < ARRAY_SIZE(req.links); link_id++)
12934 cfg80211_put_bss(&rdev->wiphy, req.links[link_id].bss);
12935 cfg80211_put_bss(&rdev->wiphy, req.bss);
12936
12937 return err;
12938 }
12939
nl80211_deauthenticate(struct sk_buff * skb,struct genl_info * info)12940 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
12941 {
12942 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12943 struct net_device *dev = info->user_ptr[1];
12944 const u8 *ie = NULL, *bssid;
12945 int ie_len = 0;
12946 u16 reason_code;
12947 bool local_state_change;
12948
12949 if (dev->ieee80211_ptr->conn_owner_nlportid &&
12950 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
12951 return -EPERM;
12952
12953 if (!info->attrs[NL80211_ATTR_MAC])
12954 return -EINVAL;
12955
12956 if (!info->attrs[NL80211_ATTR_REASON_CODE])
12957 return -EINVAL;
12958
12959 if (!rdev->ops->deauth)
12960 return -EOPNOTSUPP;
12961
12962 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
12963 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
12964 return -EOPNOTSUPP;
12965
12966 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
12967
12968 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
12969 if (reason_code == 0) {
12970 /* Reason Code 0 is reserved */
12971 return -EINVAL;
12972 }
12973
12974 if (info->attrs[NL80211_ATTR_IE]) {
12975 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12976 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12977 }
12978
12979 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
12980
12981 return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
12982 local_state_change);
12983 }
12984
nl80211_disassociate(struct sk_buff * skb,struct genl_info * info)12985 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
12986 {
12987 struct cfg80211_registered_device *rdev = info->user_ptr[0];
12988 struct net_device *dev = info->user_ptr[1];
12989 const u8 *ie = NULL, *bssid;
12990 int ie_len = 0;
12991 u16 reason_code;
12992 bool local_state_change;
12993
12994 if (dev->ieee80211_ptr->conn_owner_nlportid &&
12995 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
12996 return -EPERM;
12997
12998 if (!info->attrs[NL80211_ATTR_MAC])
12999 return -EINVAL;
13000
13001 if (!info->attrs[NL80211_ATTR_REASON_CODE])
13002 return -EINVAL;
13003
13004 if (!rdev->ops->disassoc)
13005 return -EOPNOTSUPP;
13006
13007 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
13008 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
13009 return -EOPNOTSUPP;
13010
13011 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
13012
13013 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
13014 if (reason_code == 0) {
13015 /* Reason Code 0 is reserved */
13016 return -EINVAL;
13017 }
13018
13019 if (info->attrs[NL80211_ATTR_IE]) {
13020 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13021 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13022 }
13023
13024 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
13025
13026 return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
13027 local_state_change);
13028 }
13029
13030 static bool
nl80211_parse_mcast_rate(struct cfg80211_registered_device * rdev,int mcast_rate[NUM_NL80211_BANDS],int rateval)13031 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
13032 int mcast_rate[NUM_NL80211_BANDS],
13033 int rateval)
13034 {
13035 struct wiphy *wiphy = &rdev->wiphy;
13036 bool found = false;
13037 int band, i;
13038
13039 for (band = 0; band < NUM_NL80211_BANDS; band++) {
13040 struct ieee80211_supported_band *sband;
13041
13042 sband = wiphy->bands[band];
13043 if (!sband)
13044 continue;
13045
13046 for (i = 0; i < sband->n_bitrates; i++) {
13047 if (sband->bitrates[i].bitrate == rateval) {
13048 mcast_rate[band] = i + 1;
13049 found = true;
13050 break;
13051 }
13052 }
13053 }
13054
13055 return found;
13056 }
13057
nl80211_join_ibss(struct sk_buff * skb,struct genl_info * info)13058 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
13059 {
13060 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13061 struct net_device *dev = info->user_ptr[1];
13062 struct cfg80211_ibss_params ibss;
13063 struct wiphy *wiphy;
13064 struct cfg80211_cached_keys *connkeys = NULL;
13065 int err;
13066
13067 memset(&ibss, 0, sizeof(ibss));
13068
13069 if (!info->attrs[NL80211_ATTR_SSID] ||
13070 !nla_len(info->attrs[NL80211_ATTR_SSID]))
13071 return -EINVAL;
13072
13073 ibss.beacon_interval = 100;
13074
13075 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
13076 ibss.beacon_interval =
13077 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
13078
13079 err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
13080 ibss.beacon_interval);
13081 if (err)
13082 return err;
13083
13084 if (!rdev->ops->join_ibss)
13085 return -EOPNOTSUPP;
13086
13087 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
13088 return -EOPNOTSUPP;
13089
13090 wiphy = &rdev->wiphy;
13091
13092 if (info->attrs[NL80211_ATTR_MAC]) {
13093 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
13094
13095 if (!is_valid_ether_addr(ibss.bssid))
13096 return -EINVAL;
13097 }
13098 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
13099 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13100
13101 if (info->attrs[NL80211_ATTR_IE]) {
13102 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13103 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13104 }
13105
13106 err = nl80211_parse_chandef(rdev, info->extack, info->attrs,
13107 &ibss.chandef);
13108 if (err)
13109 return err;
13110
13111 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
13112 NL80211_IFTYPE_ADHOC))
13113 return -EINVAL;
13114
13115 switch (ibss.chandef.width) {
13116 case NL80211_CHAN_WIDTH_5:
13117 case NL80211_CHAN_WIDTH_10:
13118 case NL80211_CHAN_WIDTH_20_NOHT:
13119 break;
13120 case NL80211_CHAN_WIDTH_20:
13121 case NL80211_CHAN_WIDTH_40:
13122 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
13123 return -EINVAL;
13124 break;
13125 case NL80211_CHAN_WIDTH_80:
13126 case NL80211_CHAN_WIDTH_80P80:
13127 case NL80211_CHAN_WIDTH_160:
13128 if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
13129 return -EINVAL;
13130 if (!wiphy_ext_feature_isset(&rdev->wiphy,
13131 NL80211_EXT_FEATURE_VHT_IBSS))
13132 return -EINVAL;
13133 break;
13134 case NL80211_CHAN_WIDTH_320:
13135 return -EINVAL;
13136 default:
13137 return -EINVAL;
13138 }
13139
13140 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
13141 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
13142
13143 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
13144 u8 *rates =
13145 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
13146 int n_rates =
13147 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
13148 struct ieee80211_supported_band *sband =
13149 wiphy->bands[ibss.chandef.chan->band];
13150
13151 err = ieee80211_get_ratemask(sband, rates, n_rates,
13152 &ibss.basic_rates);
13153 if (err)
13154 return err;
13155 }
13156
13157 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
13158 memcpy(&ibss.ht_capa_mask,
13159 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
13160 sizeof(ibss.ht_capa_mask));
13161
13162 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
13163 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
13164 return -EINVAL;
13165 memcpy(&ibss.ht_capa,
13166 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
13167 sizeof(ibss.ht_capa));
13168 }
13169
13170 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
13171 !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
13172 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
13173 return -EINVAL;
13174
13175 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
13176 bool no_ht = false;
13177
13178 connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
13179 if (IS_ERR(connkeys))
13180 return PTR_ERR(connkeys);
13181
13182 if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
13183 no_ht) {
13184 kfree_sensitive(connkeys);
13185 return -EINVAL;
13186 }
13187 }
13188
13189 ibss.control_port =
13190 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
13191
13192 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
13193 int r = validate_pae_over_nl80211(rdev, info);
13194
13195 if (r < 0) {
13196 kfree_sensitive(connkeys);
13197 return r;
13198 }
13199
13200 ibss.control_port_over_nl80211 = true;
13201 }
13202
13203 ibss.userspace_handles_dfs =
13204 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
13205
13206 err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
13207 if (err)
13208 kfree_sensitive(connkeys);
13209 else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
13210 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
13211
13212 return err;
13213 }
13214
nl80211_leave_ibss(struct sk_buff * skb,struct genl_info * info)13215 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
13216 {
13217 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13218 struct net_device *dev = info->user_ptr[1];
13219
13220 if (!rdev->ops->leave_ibss)
13221 return -EOPNOTSUPP;
13222
13223 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
13224 return -EOPNOTSUPP;
13225
13226 return cfg80211_leave_ibss(rdev, dev, false);
13227 }
13228
nl80211_set_mcast_rate(struct sk_buff * skb,struct genl_info * info)13229 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
13230 {
13231 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13232 struct net_device *dev = info->user_ptr[1];
13233 int mcast_rate[NUM_NL80211_BANDS];
13234 u32 nla_rate;
13235
13236 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
13237 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
13238 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
13239 return -EOPNOTSUPP;
13240
13241 if (!rdev->ops->set_mcast_rate)
13242 return -EOPNOTSUPP;
13243
13244 memset(mcast_rate, 0, sizeof(mcast_rate));
13245
13246 if (!info->attrs[NL80211_ATTR_MCAST_RATE])
13247 return -EINVAL;
13248
13249 nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
13250 if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
13251 return -EINVAL;
13252
13253 return rdev_set_mcast_rate(rdev, dev, mcast_rate);
13254 }
13255
13256 static struct sk_buff *
__cfg80211_alloc_vendor_skb(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,int approxlen,u32 portid,u32 seq,enum nl80211_commands cmd,enum nl80211_attrs attr,const struct nl80211_vendor_cmd_info * info,gfp_t gfp)13257 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
13258 struct wireless_dev *wdev, int approxlen,
13259 u32 portid, u32 seq, enum nl80211_commands cmd,
13260 enum nl80211_attrs attr,
13261 const struct nl80211_vendor_cmd_info *info,
13262 gfp_t gfp)
13263 {
13264 struct sk_buff *skb;
13265 void *hdr;
13266 struct nlattr *data;
13267
13268 skb = nlmsg_new(approxlen + 100, gfp);
13269 if (!skb)
13270 return NULL;
13271
13272 hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
13273 if (!hdr) {
13274 kfree_skb(skb);
13275 return NULL;
13276 }
13277
13278 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
13279 goto nla_put_failure;
13280
13281 if (info) {
13282 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
13283 info->vendor_id))
13284 goto nla_put_failure;
13285 if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
13286 info->subcmd))
13287 goto nla_put_failure;
13288 }
13289
13290 if (wdev) {
13291 if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
13292 wdev_id(wdev), NL80211_ATTR_PAD))
13293 goto nla_put_failure;
13294 if (wdev->netdev &&
13295 nla_put_u32(skb, NL80211_ATTR_IFINDEX,
13296 wdev->netdev->ifindex))
13297 goto nla_put_failure;
13298 }
13299
13300 data = nla_nest_start_noflag(skb, attr);
13301 if (!data)
13302 goto nla_put_failure;
13303
13304 ((void **)skb->cb)[0] = rdev;
13305 ((void **)skb->cb)[1] = hdr;
13306 ((void **)skb->cb)[2] = data;
13307
13308 return skb;
13309
13310 nla_put_failure:
13311 kfree_skb(skb);
13312 return NULL;
13313 }
13314
__cfg80211_alloc_event_skb(struct wiphy * wiphy,struct wireless_dev * wdev,enum nl80211_commands cmd,enum nl80211_attrs attr,unsigned int portid,int vendor_event_idx,int approxlen,gfp_t gfp)13315 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
13316 struct wireless_dev *wdev,
13317 enum nl80211_commands cmd,
13318 enum nl80211_attrs attr,
13319 unsigned int portid,
13320 int vendor_event_idx,
13321 int approxlen, gfp_t gfp)
13322 {
13323 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13324 const struct nl80211_vendor_cmd_info *info;
13325
13326 switch (cmd) {
13327 case NL80211_CMD_TESTMODE:
13328 if (WARN_ON(vendor_event_idx != -1))
13329 return NULL;
13330 info = NULL;
13331 break;
13332 case NL80211_CMD_VENDOR:
13333 if (WARN_ON(vendor_event_idx < 0 ||
13334 vendor_event_idx >= wiphy->n_vendor_events))
13335 return NULL;
13336 info = &wiphy->vendor_events[vendor_event_idx];
13337 break;
13338 default:
13339 WARN_ON(1);
13340 return NULL;
13341 }
13342
13343 return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
13344 cmd, attr, info, gfp);
13345 }
13346 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
13347
__cfg80211_send_event_skb(struct sk_buff * skb,gfp_t gfp)13348 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
13349 {
13350 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
13351 void *hdr = ((void **)skb->cb)[1];
13352 struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
13353 struct nlattr *data = ((void **)skb->cb)[2];
13354 enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
13355
13356 /* clear CB data for netlink core to own from now on */
13357 memset(skb->cb, 0, sizeof(skb->cb));
13358
13359 nla_nest_end(skb, data);
13360 genlmsg_end(skb, hdr);
13361
13362 if (nlhdr->nlmsg_pid) {
13363 genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
13364 nlhdr->nlmsg_pid);
13365 } else {
13366 if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
13367 mcgrp = NL80211_MCGRP_VENDOR;
13368
13369 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
13370 skb, 0, mcgrp, gfp);
13371 }
13372 }
13373 EXPORT_SYMBOL(__cfg80211_send_event_skb);
13374
13375 #ifdef CONFIG_NL80211_TESTMODE
nl80211_testmode_do(struct sk_buff * skb,struct genl_info * info)13376 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
13377 {
13378 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13379 struct wireless_dev *wdev;
13380 int err;
13381
13382 lockdep_assert_held(&rdev->wiphy.mtx);
13383
13384 wdev = __cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
13385 info->attrs);
13386
13387 if (!rdev->ops->testmode_cmd)
13388 return -EOPNOTSUPP;
13389
13390 if (IS_ERR(wdev)) {
13391 err = PTR_ERR(wdev);
13392 if (err != -EINVAL)
13393 return err;
13394 wdev = NULL;
13395 } else if (wdev->wiphy != &rdev->wiphy) {
13396 return -EINVAL;
13397 }
13398
13399 if (!info->attrs[NL80211_ATTR_TESTDATA])
13400 return -EINVAL;
13401
13402 rdev->cur_cmd_info = info;
13403 err = rdev_testmode_cmd(rdev, wdev,
13404 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
13405 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
13406 rdev->cur_cmd_info = NULL;
13407
13408 return err;
13409 }
13410
nl80211_testmode_dump(struct sk_buff * skb,struct netlink_callback * cb)13411 static int nl80211_testmode_dump(struct sk_buff *skb,
13412 struct netlink_callback *cb)
13413 {
13414 struct cfg80211_registered_device *rdev;
13415 struct nlattr **attrbuf = NULL;
13416 int err;
13417 long phy_idx;
13418 void *data = NULL;
13419 int data_len = 0;
13420
13421 rtnl_lock();
13422
13423 if (cb->args[0]) {
13424 /*
13425 * 0 is a valid index, but not valid for args[0],
13426 * so we need to offset by 1.
13427 */
13428 phy_idx = cb->args[0] - 1;
13429
13430 rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
13431 if (!rdev) {
13432 err = -ENOENT;
13433 goto out_err;
13434 }
13435 } else {
13436 attrbuf = kzalloc_objs(*attrbuf, NUM_NL80211_ATTR);
13437 if (!attrbuf) {
13438 err = -ENOMEM;
13439 goto out_err;
13440 }
13441
13442 err = nlmsg_parse_deprecated(cb->nlh,
13443 GENL_HDRLEN + nl80211_fam.hdrsize,
13444 attrbuf, nl80211_fam.maxattr,
13445 nl80211_policy, NULL);
13446 if (err)
13447 goto out_err;
13448
13449 rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
13450 if (IS_ERR(rdev)) {
13451 err = PTR_ERR(rdev);
13452 goto out_err;
13453 }
13454 phy_idx = rdev->wiphy_idx;
13455
13456 if (attrbuf[NL80211_ATTR_TESTDATA])
13457 cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
13458 }
13459
13460 if (cb->args[1]) {
13461 data = nla_data((void *)cb->args[1]);
13462 data_len = nla_len((void *)cb->args[1]);
13463 }
13464
13465 if (!rdev->ops->testmode_dump) {
13466 err = -EOPNOTSUPP;
13467 goto out_err;
13468 }
13469
13470 while (1) {
13471 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
13472 cb->nlh->nlmsg_seq, NLM_F_MULTI,
13473 NL80211_CMD_TESTMODE);
13474 struct nlattr *tmdata;
13475
13476 if (!hdr)
13477 break;
13478
13479 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
13480 genlmsg_cancel(skb, hdr);
13481 break;
13482 }
13483
13484 tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
13485 if (!tmdata) {
13486 genlmsg_cancel(skb, hdr);
13487 break;
13488 }
13489 err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
13490 nla_nest_end(skb, tmdata);
13491
13492 if (err == -ENOBUFS || err == -ENOENT) {
13493 genlmsg_cancel(skb, hdr);
13494 break;
13495 } else if (err) {
13496 genlmsg_cancel(skb, hdr);
13497 goto out_err;
13498 }
13499
13500 genlmsg_end(skb, hdr);
13501 }
13502
13503 err = skb->len;
13504 /* see above */
13505 cb->args[0] = phy_idx + 1;
13506 out_err:
13507 kfree(attrbuf);
13508 rtnl_unlock();
13509 return err;
13510 }
13511 #endif
13512
nl80211_connect(struct sk_buff * skb,struct genl_info * info)13513 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
13514 {
13515 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13516 struct net_device *dev = info->user_ptr[1];
13517 struct cfg80211_connect_params connect;
13518 struct wiphy *wiphy;
13519 struct cfg80211_cached_keys *connkeys = NULL;
13520 u32 freq = 0;
13521 int err;
13522
13523 memset(&connect, 0, sizeof(connect));
13524
13525 if (!info->attrs[NL80211_ATTR_SSID] ||
13526 !nla_len(info->attrs[NL80211_ATTR_SSID]))
13527 return -EINVAL;
13528
13529 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
13530 connect.auth_type =
13531 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
13532 if (!nl80211_valid_auth_type(rdev, connect.auth_type,
13533 NL80211_CMD_CONNECT))
13534 return -EINVAL;
13535 } else
13536 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
13537
13538 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
13539
13540 if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
13541 !wiphy_ext_feature_isset(&rdev->wiphy,
13542 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13543 return -EINVAL;
13544 connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
13545
13546 err = nl80211_crypto_settings(rdev, info, &connect.crypto,
13547 NL80211_MAX_NR_CIPHER_SUITES);
13548 if (err)
13549 return err;
13550
13551 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
13552 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
13553 return -EOPNOTSUPP;
13554
13555 wiphy = &rdev->wiphy;
13556
13557 connect.bg_scan_period = -1;
13558 if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
13559 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
13560 connect.bg_scan_period =
13561 nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
13562 }
13563
13564 if (info->attrs[NL80211_ATTR_MAC])
13565 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
13566 else if (info->attrs[NL80211_ATTR_MAC_HINT])
13567 connect.bssid_hint =
13568 nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
13569 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
13570 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13571
13572 if (info->attrs[NL80211_ATTR_IE]) {
13573 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13574 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13575 }
13576
13577 if (info->attrs[NL80211_ATTR_USE_MFP]) {
13578 connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
13579 if (connect.mfp == NL80211_MFP_OPTIONAL &&
13580 !wiphy_ext_feature_isset(&rdev->wiphy,
13581 NL80211_EXT_FEATURE_MFP_OPTIONAL))
13582 return -EOPNOTSUPP;
13583 } else {
13584 connect.mfp = NL80211_MFP_NO;
13585 }
13586
13587 if (info->attrs[NL80211_ATTR_PREV_BSSID])
13588 connect.prev_bssid =
13589 nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
13590
13591 if (info->attrs[NL80211_ATTR_WIPHY_FREQ])
13592 freq = MHZ_TO_KHZ(nla_get_u32(
13593 info->attrs[NL80211_ATTR_WIPHY_FREQ]));
13594 if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
13595 freq +=
13596 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
13597
13598 if (freq) {
13599 connect.channel = nl80211_get_valid_chan(wiphy, freq);
13600 if (!connect.channel)
13601 return -EINVAL;
13602 } else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
13603 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
13604 freq = MHZ_TO_KHZ(freq);
13605 connect.channel_hint = nl80211_get_valid_chan(wiphy, freq);
13606 if (!connect.channel_hint)
13607 return -EINVAL;
13608 }
13609
13610 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
13611 connect.edmg.channels =
13612 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
13613
13614 if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
13615 connect.edmg.bw_config =
13616 nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
13617 }
13618
13619 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
13620 connkeys = nl80211_parse_connkeys(rdev, info, NULL);
13621 if (IS_ERR(connkeys))
13622 return PTR_ERR(connkeys);
13623 }
13624
13625 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
13626 connect.flags |= ASSOC_REQ_DISABLE_HT;
13627
13628 if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
13629 memcpy(&connect.ht_capa_mask,
13630 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
13631 sizeof(connect.ht_capa_mask));
13632
13633 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
13634 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
13635 kfree_sensitive(connkeys);
13636 return -EINVAL;
13637 }
13638 memcpy(&connect.ht_capa,
13639 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
13640 sizeof(connect.ht_capa));
13641 }
13642
13643 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
13644 connect.flags |= ASSOC_REQ_DISABLE_VHT;
13645
13646 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
13647 connect.flags |= ASSOC_REQ_DISABLE_HE;
13648
13649 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_EHT]))
13650 connect.flags |= ASSOC_REQ_DISABLE_EHT;
13651
13652 if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_UHR]))
13653 connect.flags |= ASSOC_REQ_DISABLE_UHR;
13654
13655 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
13656 memcpy(&connect.vht_capa_mask,
13657 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
13658 sizeof(connect.vht_capa_mask));
13659
13660 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
13661 if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
13662 kfree_sensitive(connkeys);
13663 return -EINVAL;
13664 }
13665 memcpy(&connect.vht_capa,
13666 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
13667 sizeof(connect.vht_capa));
13668 }
13669
13670 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
13671 if (!((rdev->wiphy.features &
13672 NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
13673 (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
13674 !wiphy_ext_feature_isset(&rdev->wiphy,
13675 NL80211_EXT_FEATURE_RRM)) {
13676 kfree_sensitive(connkeys);
13677 return -EINVAL;
13678 }
13679 connect.flags |= ASSOC_REQ_USE_RRM;
13680 }
13681
13682 connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
13683 if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
13684 kfree_sensitive(connkeys);
13685 return -EOPNOTSUPP;
13686 }
13687
13688 if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
13689 /* bss selection makes no sense if bssid is set */
13690 if (connect.bssid) {
13691 kfree_sensitive(connkeys);
13692 return -EINVAL;
13693 }
13694
13695 err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
13696 wiphy, &connect.bss_select);
13697 if (err) {
13698 kfree_sensitive(connkeys);
13699 return err;
13700 }
13701 }
13702
13703 if (wiphy_ext_feature_isset(&rdev->wiphy,
13704 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
13705 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
13706 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
13707 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
13708 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
13709 connect.fils_erp_username =
13710 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
13711 connect.fils_erp_username_len =
13712 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
13713 connect.fils_erp_realm =
13714 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
13715 connect.fils_erp_realm_len =
13716 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
13717 connect.fils_erp_next_seq_num =
13718 nla_get_u16(
13719 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
13720 connect.fils_erp_rrk =
13721 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
13722 connect.fils_erp_rrk_len =
13723 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
13724 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
13725 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
13726 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
13727 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
13728 kfree_sensitive(connkeys);
13729 return -EINVAL;
13730 }
13731
13732 if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
13733 if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
13734 kfree_sensitive(connkeys);
13735 GENL_SET_ERR_MSG(info,
13736 "external auth requires connection ownership");
13737 return -EINVAL;
13738 }
13739 connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
13740 }
13741
13742 if (nla_get_flag(info->attrs[NL80211_ATTR_MLO_SUPPORT]))
13743 connect.flags |= CONNECT_REQ_MLO_SUPPORT;
13744
13745 err = cfg80211_connect(rdev, dev, &connect, connkeys,
13746 connect.prev_bssid);
13747 if (err)
13748 kfree_sensitive(connkeys);
13749
13750 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
13751 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
13752 if (connect.bssid)
13753 memcpy(dev->ieee80211_ptr->disconnect_bssid,
13754 connect.bssid, ETH_ALEN);
13755 else
13756 eth_zero_addr(dev->ieee80211_ptr->disconnect_bssid);
13757 }
13758
13759 return err;
13760 }
13761
nl80211_update_connect_params(struct sk_buff * skb,struct genl_info * info)13762 static int nl80211_update_connect_params(struct sk_buff *skb,
13763 struct genl_info *info)
13764 {
13765 struct cfg80211_connect_params connect = {};
13766 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13767 struct net_device *dev = info->user_ptr[1];
13768 struct wireless_dev *wdev = dev->ieee80211_ptr;
13769 bool fils_sk_offload;
13770 u32 auth_type;
13771 u32 changed = 0;
13772
13773 if (!rdev->ops->update_connect_params)
13774 return -EOPNOTSUPP;
13775
13776 if (info->attrs[NL80211_ATTR_IE]) {
13777 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13778 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13779 changed |= UPDATE_ASSOC_IES;
13780 }
13781
13782 fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
13783 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
13784
13785 /*
13786 * when driver supports fils-sk offload all attributes must be
13787 * provided. So the else covers "fils-sk-not-all" and
13788 * "no-fils-sk-any".
13789 */
13790 if (fils_sk_offload &&
13791 info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
13792 info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
13793 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
13794 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
13795 connect.fils_erp_username =
13796 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
13797 connect.fils_erp_username_len =
13798 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
13799 connect.fils_erp_realm =
13800 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
13801 connect.fils_erp_realm_len =
13802 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
13803 connect.fils_erp_next_seq_num =
13804 nla_get_u16(
13805 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
13806 connect.fils_erp_rrk =
13807 nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
13808 connect.fils_erp_rrk_len =
13809 nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
13810 changed |= UPDATE_FILS_ERP_INFO;
13811 } else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
13812 info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
13813 info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
13814 info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
13815 return -EINVAL;
13816 }
13817
13818 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
13819 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
13820 if (!nl80211_valid_auth_type(rdev, auth_type,
13821 NL80211_CMD_CONNECT))
13822 return -EINVAL;
13823
13824 if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
13825 fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
13826 return -EINVAL;
13827
13828 connect.auth_type = auth_type;
13829 changed |= UPDATE_AUTH_TYPE;
13830 }
13831
13832 if (!wdev->connected)
13833 return -ENOLINK;
13834
13835 return rdev_update_connect_params(rdev, dev, &connect, changed);
13836 }
13837
nl80211_disconnect(struct sk_buff * skb,struct genl_info * info)13838 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
13839 {
13840 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13841 struct net_device *dev = info->user_ptr[1];
13842 u16 reason;
13843
13844 if (dev->ieee80211_ptr->conn_owner_nlportid &&
13845 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
13846 return -EPERM;
13847
13848 reason = nla_get_u16_default(info->attrs[NL80211_ATTR_REASON_CODE],
13849 WLAN_REASON_DEAUTH_LEAVING);
13850
13851 if (reason == 0)
13852 return -EINVAL;
13853
13854 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
13855 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
13856 return -EOPNOTSUPP;
13857
13858 return cfg80211_disconnect(rdev, dev, reason, true);
13859 }
13860
nl80211_wiphy_netns(struct sk_buff * skb,struct genl_info * info)13861 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
13862 {
13863 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13864 struct net *net;
13865 int err;
13866
13867 if (info->attrs[NL80211_ATTR_PID]) {
13868 u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
13869
13870 net = get_net_ns_by_pid(pid);
13871 } else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
13872 u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
13873
13874 net = get_net_ns_by_fd(fd);
13875 } else {
13876 return -EINVAL;
13877 }
13878
13879 if (IS_ERR(net))
13880 return PTR_ERR(net);
13881
13882 /*
13883 * The caller already has CAP_NET_ADMIN over the source netns
13884 * (enforced by GENL_UNS_ADMIN_PERM on the genl op). Mirror the
13885 * convention used by net/core/rtnetlink.c::rtnl_get_net_ns_capable()
13886 * and require CAP_NET_ADMIN over the target netns as well, so that
13887 * a caller that is privileged in their own user namespace cannot
13888 * push a wiphy into a netns where they have no privilege.
13889 */
13890 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) {
13891 put_net(net);
13892 return -EPERM;
13893 }
13894
13895 err = 0;
13896
13897 /* check if anything to do */
13898 if (!net_eq(wiphy_net(&rdev->wiphy), net))
13899 err = cfg80211_switch_netns(rdev, net);
13900
13901 put_net(net);
13902 return err;
13903 }
13904
nl80211_set_pmksa(struct sk_buff * skb,struct genl_info * info)13905 static int nl80211_set_pmksa(struct sk_buff *skb, struct genl_info *info)
13906 {
13907 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13908 struct net_device *dev = info->user_ptr[1];
13909 struct cfg80211_pmksa pmksa;
13910 bool ap_pmksa_caching_support = false;
13911
13912 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
13913
13914 ap_pmksa_caching_support = wiphy_ext_feature_isset(&rdev->wiphy,
13915 NL80211_EXT_FEATURE_AP_PMKSA_CACHING);
13916
13917 if (!info->attrs[NL80211_ATTR_PMKID])
13918 return -EINVAL;
13919
13920 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
13921
13922 if (info->attrs[NL80211_ATTR_MAC]) {
13923 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
13924 } else if (info->attrs[NL80211_ATTR_SSID] &&
13925 info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
13926 info->attrs[NL80211_ATTR_PMK]) {
13927 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
13928 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13929 pmksa.cache_id = nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
13930 } else {
13931 return -EINVAL;
13932 }
13933
13934 if (info->attrs[NL80211_ATTR_PMK]) {
13935 pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
13936 pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
13937 }
13938
13939 if (info->attrs[NL80211_ATTR_PMK_LIFETIME])
13940 pmksa.pmk_lifetime =
13941 nla_get_u32(info->attrs[NL80211_ATTR_PMK_LIFETIME]);
13942
13943 if (info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD])
13944 pmksa.pmk_reauth_threshold =
13945 nla_get_u8(info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]);
13946
13947 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
13948 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
13949 !((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP ||
13950 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO) &&
13951 ap_pmksa_caching_support))
13952 return -EOPNOTSUPP;
13953
13954 if (!rdev->ops->set_pmksa)
13955 return -EOPNOTSUPP;
13956
13957 return rdev_set_pmksa(rdev, dev, &pmksa);
13958 }
13959
nl80211_del_pmksa(struct sk_buff * skb,struct genl_info * info)13960 static int nl80211_del_pmksa(struct sk_buff *skb, struct genl_info *info)
13961 {
13962 struct cfg80211_registered_device *rdev = info->user_ptr[0];
13963 struct net_device *dev = info->user_ptr[1];
13964 struct cfg80211_pmksa pmksa;
13965 bool sae_offload_support = false;
13966 bool owe_offload_support = false;
13967 bool ap_pmksa_caching_support = false;
13968
13969 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
13970
13971 sae_offload_support = wiphy_ext_feature_isset(&rdev->wiphy,
13972 NL80211_EXT_FEATURE_SAE_OFFLOAD);
13973 owe_offload_support = wiphy_ext_feature_isset(&rdev->wiphy,
13974 NL80211_EXT_FEATURE_OWE_OFFLOAD);
13975 ap_pmksa_caching_support = wiphy_ext_feature_isset(&rdev->wiphy,
13976 NL80211_EXT_FEATURE_AP_PMKSA_CACHING);
13977
13978 if (info->attrs[NL80211_ATTR_PMKID])
13979 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
13980
13981 if (info->attrs[NL80211_ATTR_MAC]) {
13982 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
13983 } else if (info->attrs[NL80211_ATTR_SSID]) {
13984 /* SSID based pmksa flush supported only for FILS,
13985 * OWE/SAE OFFLOAD cases
13986 */
13987 if (info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
13988 info->attrs[NL80211_ATTR_PMK]) {
13989 pmksa.cache_id = nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
13990 } else if (!sae_offload_support && !owe_offload_support) {
13991 return -EINVAL;
13992 }
13993 pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
13994 pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13995 } else {
13996 return -EINVAL;
13997 }
13998
13999 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
14000 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
14001 !((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP ||
14002 dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO) &&
14003 ap_pmksa_caching_support))
14004 return -EOPNOTSUPP;
14005
14006 if (!rdev->ops->del_pmksa)
14007 return -EOPNOTSUPP;
14008
14009 return rdev_del_pmksa(rdev, dev, &pmksa);
14010 }
14011
nl80211_flush_pmksa(struct sk_buff * skb,struct genl_info * info)14012 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
14013 {
14014 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14015 struct net_device *dev = info->user_ptr[1];
14016
14017 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
14018 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
14019 return -EOPNOTSUPP;
14020
14021 if (!rdev->ops->flush_pmksa)
14022 return -EOPNOTSUPP;
14023
14024 return rdev_flush_pmksa(rdev, dev);
14025 }
14026
nl80211_tdls_mgmt(struct sk_buff * skb,struct genl_info * info)14027 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
14028 {
14029 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14030 struct net_device *dev = info->user_ptr[1];
14031 u8 action_code, dialog_token;
14032 u32 peer_capability = 0;
14033 u16 status_code;
14034 u8 *peer;
14035 int link_id;
14036 bool initiator;
14037
14038 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
14039 !rdev->ops->tdls_mgmt)
14040 return -EOPNOTSUPP;
14041
14042 if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
14043 !info->attrs[NL80211_ATTR_STATUS_CODE] ||
14044 !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
14045 !info->attrs[NL80211_ATTR_IE] ||
14046 !info->attrs[NL80211_ATTR_MAC])
14047 return -EINVAL;
14048
14049 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
14050 action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
14051 status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
14052 dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
14053 initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
14054 if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
14055 peer_capability =
14056 nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
14057 link_id = nl80211_link_id_or_invalid(info->attrs);
14058
14059 return rdev_tdls_mgmt(rdev, dev, peer, link_id, action_code,
14060 dialog_token, status_code, peer_capability,
14061 initiator,
14062 nla_data(info->attrs[NL80211_ATTR_IE]),
14063 nla_len(info->attrs[NL80211_ATTR_IE]));
14064 }
14065
nl80211_tdls_oper(struct sk_buff * skb,struct genl_info * info)14066 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
14067 {
14068 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14069 struct net_device *dev = info->user_ptr[1];
14070 enum nl80211_tdls_operation operation;
14071 u8 *peer;
14072
14073 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
14074 !rdev->ops->tdls_oper)
14075 return -EOPNOTSUPP;
14076
14077 if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
14078 !info->attrs[NL80211_ATTR_MAC])
14079 return -EINVAL;
14080
14081 operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
14082 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
14083
14084 return rdev_tdls_oper(rdev, dev, peer, operation);
14085 }
14086
nl80211_remain_on_channel(struct sk_buff * skb,struct genl_info * info)14087 static int nl80211_remain_on_channel(struct sk_buff *skb,
14088 struct genl_info *info)
14089 {
14090 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14091 unsigned int link_id = nl80211_link_id(info->attrs);
14092 struct wireless_dev *wdev = info->user_ptr[1];
14093 struct cfg80211_chan_def chandef;
14094 struct sk_buff *msg;
14095 void *hdr;
14096 u64 cookie;
14097 u32 duration;
14098 int err;
14099
14100 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
14101 !info->attrs[NL80211_ATTR_DURATION])
14102 return -EINVAL;
14103
14104 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
14105
14106 if (!rdev->ops->remain_on_channel ||
14107 !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
14108 return -EOPNOTSUPP;
14109
14110 /*
14111 * We should be on that channel for at least a minimum amount of
14112 * time (10ms) but no longer than the driver supports.
14113 */
14114 if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
14115 duration > rdev->wiphy.max_remain_on_channel_duration)
14116 return -EINVAL;
14117
14118 err = nl80211_parse_chandef(rdev, info->extack, info->attrs, &chandef);
14119 if (err)
14120 return err;
14121
14122 if (!cfg80211_off_channel_oper_allowed(wdev, chandef.chan)) {
14123 const struct cfg80211_chan_def *oper_chandef, *compat_chandef;
14124
14125 oper_chandef = wdev_chandef(wdev, link_id);
14126
14127 if (WARN_ON(!oper_chandef)) {
14128 /* cannot happen since we must beacon to get here */
14129 WARN_ON(1);
14130 return -EBUSY;
14131 }
14132
14133 /* note: returns first one if identical chandefs */
14134 compat_chandef = cfg80211_chandef_compatible(&chandef,
14135 oper_chandef);
14136
14137 if (compat_chandef != &chandef)
14138 return -EBUSY;
14139 }
14140
14141 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14142 if (!msg)
14143 return -ENOMEM;
14144
14145 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14146 NL80211_CMD_REMAIN_ON_CHANNEL);
14147 if (!hdr) {
14148 err = -ENOBUFS;
14149 goto free_msg;
14150 }
14151
14152 err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
14153 duration, &cookie);
14154
14155 if (err)
14156 goto free_msg;
14157
14158 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14159 NL80211_ATTR_PAD))
14160 goto nla_put_failure;
14161
14162 genlmsg_end(msg, hdr);
14163
14164 return genlmsg_reply(msg, info);
14165
14166 nla_put_failure:
14167 err = -ENOBUFS;
14168 free_msg:
14169 nlmsg_free(msg);
14170 return err;
14171 }
14172
nl80211_cancel_remain_on_channel(struct sk_buff * skb,struct genl_info * info)14173 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
14174 struct genl_info *info)
14175 {
14176 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14177 struct wireless_dev *wdev = info->user_ptr[1];
14178 u64 cookie;
14179
14180 if (!info->attrs[NL80211_ATTR_COOKIE])
14181 return -EINVAL;
14182
14183 if (!rdev->ops->cancel_remain_on_channel)
14184 return -EOPNOTSUPP;
14185
14186 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
14187
14188 return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
14189 }
14190
nl80211_set_tx_bitrate_mask(struct sk_buff * skb,struct genl_info * info)14191 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
14192 struct genl_info *info)
14193 {
14194 struct cfg80211_bitrate_mask mask;
14195 unsigned int link_id = nl80211_link_id(info->attrs);
14196 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14197 struct net_device *dev = info->user_ptr[1];
14198 int err;
14199
14200 if (!rdev->ops->set_bitrate_mask)
14201 return -EOPNOTSUPP;
14202
14203 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
14204 NL80211_ATTR_TX_RATES, &mask,
14205 dev, true, link_id);
14206 if (err)
14207 return err;
14208
14209 return rdev_set_bitrate_mask(rdev, dev, link_id, NULL, &mask);
14210 }
14211
nl80211_register_mgmt(struct sk_buff * skb,struct genl_info * info)14212 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
14213 {
14214 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14215 struct wireless_dev *wdev = info->user_ptr[1];
14216 u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
14217
14218 if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
14219 return -EINVAL;
14220
14221 if (info->attrs[NL80211_ATTR_FRAME_TYPE])
14222 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
14223
14224 switch (wdev->iftype) {
14225 case NL80211_IFTYPE_STATION:
14226 case NL80211_IFTYPE_ADHOC:
14227 case NL80211_IFTYPE_P2P_CLIENT:
14228 case NL80211_IFTYPE_AP:
14229 case NL80211_IFTYPE_AP_VLAN:
14230 case NL80211_IFTYPE_MESH_POINT:
14231 case NL80211_IFTYPE_P2P_GO:
14232 case NL80211_IFTYPE_P2P_DEVICE:
14233 break;
14234 case NL80211_IFTYPE_NAN:
14235 case NL80211_IFTYPE_NAN_DATA:
14236 if (!wiphy_ext_feature_isset(wdev->wiphy,
14237 NL80211_EXT_FEATURE_SECURE_NAN) &&
14238 !(wdev->wiphy->nan_capa.flags &
14239 WIPHY_NAN_FLAGS_USERSPACE_DE))
14240 return -EOPNOTSUPP;
14241 break;
14242 default:
14243 return -EOPNOTSUPP;
14244 }
14245
14246 /* not much point in registering if we can't reply */
14247 if (!rdev->ops->mgmt_tx)
14248 return -EOPNOTSUPP;
14249
14250 if (info->attrs[NL80211_ATTR_RECEIVE_MULTICAST] &&
14251 !wiphy_ext_feature_isset(&rdev->wiphy,
14252 NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS)) {
14253 GENL_SET_ERR_MSG(info,
14254 "multicast RX registrations are not supported");
14255 return -EOPNOTSUPP;
14256 }
14257
14258 return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
14259 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
14260 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]),
14261 info->attrs[NL80211_ATTR_RECEIVE_MULTICAST],
14262 info->extack);
14263 }
14264
nl80211_tx_mgmt(struct sk_buff * skb,struct genl_info * info)14265 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
14266 {
14267 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14268 struct wireless_dev *wdev = info->user_ptr[1];
14269 struct cfg80211_chan_def chandef;
14270 int err;
14271 void *hdr = NULL;
14272 u64 cookie;
14273 struct sk_buff *msg = NULL;
14274 struct cfg80211_mgmt_tx_params params = {
14275 .dont_wait_for_ack =
14276 info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
14277 };
14278
14279 if (!info->attrs[NL80211_ATTR_FRAME])
14280 return -EINVAL;
14281
14282 if (!rdev->ops->mgmt_tx)
14283 return -EOPNOTSUPP;
14284
14285 switch (wdev->iftype) {
14286 case NL80211_IFTYPE_P2P_DEVICE:
14287 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
14288 return -EINVAL;
14289 break;
14290 case NL80211_IFTYPE_STATION:
14291 case NL80211_IFTYPE_ADHOC:
14292 case NL80211_IFTYPE_P2P_CLIENT:
14293 case NL80211_IFTYPE_AP:
14294 case NL80211_IFTYPE_AP_VLAN:
14295 case NL80211_IFTYPE_MESH_POINT:
14296 case NL80211_IFTYPE_P2P_GO:
14297 break;
14298 case NL80211_IFTYPE_NAN:
14299 case NL80211_IFTYPE_NAN_DATA:
14300 if (!wiphy_ext_feature_isset(wdev->wiphy,
14301 NL80211_EXT_FEATURE_SECURE_NAN) &&
14302 !(wdev->wiphy->nan_capa.flags &
14303 WIPHY_NAN_FLAGS_USERSPACE_DE))
14304 return -EOPNOTSUPP;
14305 break;
14306 default:
14307 return -EOPNOTSUPP;
14308 }
14309
14310 if (info->attrs[NL80211_ATTR_DURATION]) {
14311 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
14312 return -EINVAL;
14313 params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
14314
14315 /*
14316 * We should wait on the channel for at least a minimum amount
14317 * of time (10ms) but no longer than the driver supports.
14318 */
14319 if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
14320 params.wait > rdev->wiphy.max_remain_on_channel_duration)
14321 return -EINVAL;
14322 }
14323
14324 params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
14325
14326 if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
14327 return -EINVAL;
14328
14329 params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
14330
14331 /* get the channel if any has been specified, otherwise pass NULL to
14332 * the driver. The latter will use the current one
14333 */
14334 chandef.chan = NULL;
14335 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
14336 err = nl80211_parse_chandef(rdev, info->extack, info->attrs,
14337 &chandef);
14338 if (err)
14339 return err;
14340 }
14341
14342 if (!chandef.chan && params.offchan)
14343 return -EINVAL;
14344
14345 if (params.offchan &&
14346 !cfg80211_off_channel_oper_allowed(wdev, chandef.chan))
14347 return -EBUSY;
14348
14349 params.link_id = nl80211_link_id_or_invalid(info->attrs);
14350 /*
14351 * This now races due to the unlock, but we cannot check
14352 * the valid links for the _station_ anyway, so that's up
14353 * to the driver.
14354 */
14355 if (params.link_id >= 0 &&
14356 !(wdev->valid_links & BIT(params.link_id)))
14357 return -EINVAL;
14358
14359 params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
14360 params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
14361
14362 err = nl80211_parse_counter_offsets(rdev, NULL, params.len, -1,
14363 info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX],
14364 ¶ms.csa_offsets,
14365 ¶ms.n_csa_offsets);
14366 if (err)
14367 return err;
14368
14369 if (!params.dont_wait_for_ack) {
14370 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14371 if (!msg)
14372 return -ENOMEM;
14373
14374 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14375 NL80211_CMD_FRAME);
14376 if (!hdr) {
14377 err = -ENOBUFS;
14378 goto free_msg;
14379 }
14380 }
14381
14382 params.chan = chandef.chan;
14383 err = cfg80211_mlme_mgmt_tx(rdev, wdev, ¶ms, &cookie);
14384 if (err)
14385 goto free_msg;
14386
14387 if (msg) {
14388 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
14389 NL80211_ATTR_PAD))
14390 goto nla_put_failure;
14391
14392 genlmsg_end(msg, hdr);
14393 return genlmsg_reply(msg, info);
14394 }
14395
14396 return 0;
14397
14398 nla_put_failure:
14399 err = -ENOBUFS;
14400 free_msg:
14401 nlmsg_free(msg);
14402 return err;
14403 }
14404
nl80211_tx_mgmt_cancel_wait(struct sk_buff * skb,struct genl_info * info)14405 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
14406 {
14407 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14408 struct wireless_dev *wdev = info->user_ptr[1];
14409 u64 cookie;
14410
14411 if (!info->attrs[NL80211_ATTR_COOKIE])
14412 return -EINVAL;
14413
14414 if (!rdev->ops->mgmt_tx_cancel_wait)
14415 return -EOPNOTSUPP;
14416
14417 switch (wdev->iftype) {
14418 case NL80211_IFTYPE_STATION:
14419 case NL80211_IFTYPE_ADHOC:
14420 case NL80211_IFTYPE_P2P_CLIENT:
14421 case NL80211_IFTYPE_AP:
14422 case NL80211_IFTYPE_AP_VLAN:
14423 case NL80211_IFTYPE_P2P_GO:
14424 case NL80211_IFTYPE_P2P_DEVICE:
14425 break;
14426 case NL80211_IFTYPE_NAN:
14427 if (!wiphy_ext_feature_isset(wdev->wiphy,
14428 NL80211_EXT_FEATURE_SECURE_NAN))
14429 return -EOPNOTSUPP;
14430 break;
14431 default:
14432 return -EOPNOTSUPP;
14433 }
14434
14435 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
14436
14437 return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
14438 }
14439
nl80211_set_power_save(struct sk_buff * skb,struct genl_info * info)14440 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
14441 {
14442 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14443 struct wireless_dev *wdev;
14444 struct net_device *dev = info->user_ptr[1];
14445 u8 ps_state;
14446 bool state;
14447 int err;
14448
14449 if (!info->attrs[NL80211_ATTR_PS_STATE])
14450 return -EINVAL;
14451
14452 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
14453
14454 wdev = dev->ieee80211_ptr;
14455
14456 if (!rdev->ops->set_power_mgmt)
14457 return -EOPNOTSUPP;
14458
14459 state = (ps_state == NL80211_PS_ENABLED) ? true : false;
14460
14461 if (state == wdev->ps)
14462 return 0;
14463
14464 err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
14465 if (!err)
14466 wdev->ps = state;
14467 return err;
14468 }
14469
nl80211_get_power_save(struct sk_buff * skb,struct genl_info * info)14470 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
14471 {
14472 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14473 enum nl80211_ps_state ps_state;
14474 struct wireless_dev *wdev;
14475 struct net_device *dev = info->user_ptr[1];
14476 struct sk_buff *msg;
14477 void *hdr;
14478 int err;
14479
14480 wdev = dev->ieee80211_ptr;
14481
14482 if (!rdev->ops->set_power_mgmt)
14483 return -EOPNOTSUPP;
14484
14485 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14486 if (!msg)
14487 return -ENOMEM;
14488
14489 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14490 NL80211_CMD_GET_POWER_SAVE);
14491 if (!hdr) {
14492 err = -ENOBUFS;
14493 goto free_msg;
14494 }
14495
14496 if (wdev->ps)
14497 ps_state = NL80211_PS_ENABLED;
14498 else
14499 ps_state = NL80211_PS_DISABLED;
14500
14501 if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
14502 goto nla_put_failure;
14503
14504 genlmsg_end(msg, hdr);
14505 return genlmsg_reply(msg, info);
14506
14507 nla_put_failure:
14508 err = -ENOBUFS;
14509 free_msg:
14510 nlmsg_free(msg);
14511 return err;
14512 }
14513
14514 static const struct nla_policy
14515 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
14516 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
14517 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
14518 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
14519 [NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
14520 [NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
14521 [NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
14522 [NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
14523 };
14524
nl80211_set_cqm_txe(struct genl_info * info,u32 rate,u32 pkts,u32 intvl)14525 static int nl80211_set_cqm_txe(struct genl_info *info,
14526 u32 rate, u32 pkts, u32 intvl)
14527 {
14528 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14529 struct net_device *dev = info->user_ptr[1];
14530 struct wireless_dev *wdev = dev->ieee80211_ptr;
14531
14532 if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
14533 return -EINVAL;
14534
14535 if (!rdev->ops->set_cqm_txe_config)
14536 return -EOPNOTSUPP;
14537
14538 if (wdev->iftype != NL80211_IFTYPE_STATION &&
14539 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
14540 return -EOPNOTSUPP;
14541
14542 return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
14543 }
14544
cfg80211_cqm_rssi_update(struct cfg80211_registered_device * rdev,struct net_device * dev,struct cfg80211_cqm_config * cqm_config)14545 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
14546 struct net_device *dev,
14547 struct cfg80211_cqm_config *cqm_config)
14548 {
14549 struct wireless_dev *wdev = dev->ieee80211_ptr;
14550 s32 last, low, high;
14551 u32 hyst;
14552 int i, n, low_index;
14553 int err;
14554
14555 /*
14556 * Obtain current RSSI value if possible, if not and no RSSI threshold
14557 * event has been received yet, we should receive an event after a
14558 * connection is established and enough beacons received to calculate
14559 * the average.
14560 */
14561 if (!cqm_config->last_rssi_event_value &&
14562 wdev->links[0].client.current_bss &&
14563 rdev->ops->get_station) {
14564 struct station_info sinfo = {};
14565 u8 *mac_addr;
14566
14567 mac_addr = wdev->links[0].client.current_bss->pub.bssid;
14568
14569 err = rdev_get_station(rdev, wdev, mac_addr, &sinfo);
14570 if (err)
14571 return err;
14572
14573 cfg80211_sinfo_release_content(&sinfo);
14574 if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
14575 cqm_config->last_rssi_event_value =
14576 (s8) sinfo.rx_beacon_signal_avg;
14577 }
14578
14579 last = cqm_config->last_rssi_event_value;
14580 hyst = cqm_config->rssi_hyst;
14581 n = cqm_config->n_rssi_thresholds;
14582
14583 for (i = 0; i < n; i++) {
14584 i = array_index_nospec(i, n);
14585 if (last < cqm_config->rssi_thresholds[i])
14586 break;
14587 }
14588
14589 low_index = i - 1;
14590 if (low_index >= 0) {
14591 low_index = array_index_nospec(low_index, n);
14592 low = cqm_config->rssi_thresholds[low_index] - hyst;
14593 } else {
14594 low = S32_MIN;
14595 }
14596 if (i < n) {
14597 i = array_index_nospec(i, n);
14598 high = cqm_config->rssi_thresholds[i] + hyst - 1;
14599 } else {
14600 high = S32_MAX;
14601 }
14602
14603 return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
14604 }
14605
nl80211_set_cqm_rssi(struct genl_info * info,const s32 * thresholds,int n_thresholds,u32 hysteresis)14606 static int nl80211_set_cqm_rssi(struct genl_info *info,
14607 const s32 *thresholds, int n_thresholds,
14608 u32 hysteresis)
14609 {
14610 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14611 struct cfg80211_cqm_config *cqm_config = NULL, *old;
14612 struct net_device *dev = info->user_ptr[1];
14613 struct wireless_dev *wdev = dev->ieee80211_ptr;
14614 s32 prev = S32_MIN;
14615 int i, err;
14616
14617 /* Check all values negative and sorted */
14618 for (i = 0; i < n_thresholds; i++) {
14619 if (thresholds[i] > 0 || thresholds[i] <= prev)
14620 return -EINVAL;
14621
14622 prev = thresholds[i];
14623 }
14624
14625 if (wdev->iftype != NL80211_IFTYPE_STATION &&
14626 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
14627 return -EOPNOTSUPP;
14628
14629 if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
14630 n_thresholds = 0;
14631
14632 old = wiphy_dereference(wdev->wiphy, wdev->cqm_config);
14633
14634 /* if already disabled just succeed */
14635 if (!n_thresholds && !old)
14636 return 0;
14637
14638 if (n_thresholds > 1) {
14639 if (!wiphy_ext_feature_isset(&rdev->wiphy,
14640 NL80211_EXT_FEATURE_CQM_RSSI_LIST) ||
14641 !rdev->ops->set_cqm_rssi_range_config)
14642 return -EOPNOTSUPP;
14643 } else {
14644 if (!rdev->ops->set_cqm_rssi_config)
14645 return -EOPNOTSUPP;
14646 }
14647
14648 if (n_thresholds) {
14649 cqm_config = kzalloc_flex(*cqm_config, rssi_thresholds,
14650 n_thresholds);
14651 if (!cqm_config)
14652 return -ENOMEM;
14653
14654 cqm_config->rssi_hyst = hysteresis;
14655 cqm_config->n_rssi_thresholds = n_thresholds;
14656 memcpy(cqm_config->rssi_thresholds, thresholds,
14657 flex_array_size(cqm_config, rssi_thresholds,
14658 n_thresholds));
14659 cqm_config->use_range_api = n_thresholds > 1 ||
14660 !rdev->ops->set_cqm_rssi_config;
14661
14662 rcu_assign_pointer(wdev->cqm_config, cqm_config);
14663
14664 if (cqm_config->use_range_api)
14665 err = cfg80211_cqm_rssi_update(rdev, dev, cqm_config);
14666 else
14667 err = rdev_set_cqm_rssi_config(rdev, dev,
14668 thresholds[0],
14669 hysteresis);
14670 } else {
14671 RCU_INIT_POINTER(wdev->cqm_config, NULL);
14672 /* if enabled as range also disable via range */
14673 if (old->use_range_api)
14674 err = rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
14675 else
14676 err = rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
14677 }
14678
14679 if (err) {
14680 rcu_assign_pointer(wdev->cqm_config, old);
14681 kfree_rcu(cqm_config, rcu_head);
14682 } else {
14683 kfree_rcu(old, rcu_head);
14684 }
14685
14686 return err;
14687 }
14688
nl80211_set_cqm(struct sk_buff * skb,struct genl_info * info)14689 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
14690 {
14691 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
14692 struct nlattr *cqm;
14693 int err;
14694
14695 cqm = info->attrs[NL80211_ATTR_CQM];
14696 if (!cqm)
14697 return -EINVAL;
14698
14699 err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
14700 nl80211_attr_cqm_policy,
14701 info->extack);
14702 if (err)
14703 return err;
14704
14705 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
14706 attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
14707 const s32 *thresholds =
14708 nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
14709 int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
14710 u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
14711
14712 if (len % 4)
14713 return -EINVAL;
14714
14715 return nl80211_set_cqm_rssi(info, thresholds, len / 4,
14716 hysteresis);
14717 }
14718
14719 if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
14720 attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
14721 attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
14722 u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
14723 u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
14724 u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
14725
14726 return nl80211_set_cqm_txe(info, rate, pkts, intvl);
14727 }
14728
14729 return -EINVAL;
14730 }
14731
nl80211_join_ocb(struct sk_buff * skb,struct genl_info * info)14732 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
14733 {
14734 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14735 struct net_device *dev = info->user_ptr[1];
14736 struct ocb_setup setup = {};
14737 int err;
14738
14739 err = nl80211_parse_chandef(rdev, info->extack, info->attrs,
14740 &setup.chandef);
14741 if (err)
14742 return err;
14743
14744 return cfg80211_join_ocb(rdev, dev, &setup);
14745 }
14746
nl80211_leave_ocb(struct sk_buff * skb,struct genl_info * info)14747 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
14748 {
14749 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14750 struct net_device *dev = info->user_ptr[1];
14751
14752 return cfg80211_leave_ocb(rdev, dev);
14753 }
14754
nl80211_join_mesh(struct sk_buff * skb,struct genl_info * info)14755 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
14756 {
14757 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14758 struct net_device *dev = info->user_ptr[1];
14759 struct mesh_config cfg;
14760 struct mesh_setup setup;
14761 int err;
14762
14763 /* start with default */
14764 memcpy(&cfg, &default_mesh_config, sizeof(cfg));
14765 memcpy(&setup, &default_mesh_setup, sizeof(setup));
14766
14767 if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
14768 /* and parse parameters if given */
14769 err = nl80211_parse_mesh_config(info, &cfg, NULL);
14770 if (err)
14771 return err;
14772 }
14773
14774 if (!info->attrs[NL80211_ATTR_MESH_ID] ||
14775 !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
14776 return -EINVAL;
14777
14778 setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
14779 setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
14780
14781 if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
14782 !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
14783 nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
14784 return -EINVAL;
14785
14786 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
14787 setup.beacon_interval =
14788 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
14789
14790 err = cfg80211_validate_beacon_int(rdev,
14791 NL80211_IFTYPE_MESH_POINT,
14792 setup.beacon_interval);
14793 if (err)
14794 return err;
14795 }
14796
14797 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
14798 setup.dtim_period =
14799 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
14800 if (setup.dtim_period < 1 || setup.dtim_period > 100)
14801 return -EINVAL;
14802 }
14803
14804 if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
14805 /* parse additional setup parameters if given */
14806 err = nl80211_parse_mesh_setup(info, &setup);
14807 if (err)
14808 return err;
14809 }
14810
14811 if (setup.user_mpm)
14812 cfg.auto_open_plinks = false;
14813
14814 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
14815 err = nl80211_parse_chandef(rdev, info->extack, info->attrs,
14816 &setup.chandef);
14817 if (err)
14818 return err;
14819 } else {
14820 /* __cfg80211_join_mesh() will sort it out */
14821 setup.chandef.chan = NULL;
14822 }
14823
14824 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
14825 u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
14826 int n_rates =
14827 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
14828 struct ieee80211_supported_band *sband;
14829
14830 if (!setup.chandef.chan)
14831 return -EINVAL;
14832
14833 sband = rdev->wiphy.bands[setup.chandef.chan->band];
14834
14835 err = ieee80211_get_ratemask(sband, rates, n_rates,
14836 &setup.basic_rates);
14837 if (err)
14838 return err;
14839 }
14840
14841 if (info->attrs[NL80211_ATTR_TX_RATES]) {
14842 err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
14843 NL80211_ATTR_TX_RATES,
14844 &setup.beacon_rate,
14845 dev, false, 0);
14846 if (err)
14847 return err;
14848
14849 if (!setup.chandef.chan)
14850 return -EINVAL;
14851
14852 err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
14853 &setup.beacon_rate);
14854 if (err)
14855 return err;
14856 }
14857
14858 setup.userspace_handles_dfs =
14859 nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
14860
14861 if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
14862 int r = validate_pae_over_nl80211(rdev, info);
14863
14864 if (r < 0)
14865 return r;
14866
14867 setup.control_port_over_nl80211 = true;
14868 }
14869
14870 err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
14871 if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
14872 dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
14873
14874 return err;
14875 }
14876
nl80211_leave_mesh(struct sk_buff * skb,struct genl_info * info)14877 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
14878 {
14879 struct cfg80211_registered_device *rdev = info->user_ptr[0];
14880 struct net_device *dev = info->user_ptr[1];
14881
14882 return cfg80211_leave_mesh(rdev, dev);
14883 }
14884
14885 #ifdef CONFIG_PM
nl80211_send_wowlan_patterns(struct sk_buff * msg,struct cfg80211_registered_device * rdev)14886 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
14887 struct cfg80211_registered_device *rdev)
14888 {
14889 struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
14890 struct nlattr *nl_pats, *nl_pat;
14891 int i, pat_len;
14892
14893 if (!wowlan->n_patterns)
14894 return 0;
14895
14896 nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
14897 if (!nl_pats)
14898 return -ENOBUFS;
14899
14900 for (i = 0; i < wowlan->n_patterns; i++) {
14901 nl_pat = nla_nest_start_noflag(msg, i + 1);
14902 if (!nl_pat)
14903 return -ENOBUFS;
14904 pat_len = wowlan->patterns[i].pattern_len;
14905 if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
14906 wowlan->patterns[i].mask) ||
14907 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
14908 wowlan->patterns[i].pattern) ||
14909 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
14910 wowlan->patterns[i].pkt_offset))
14911 return -ENOBUFS;
14912 nla_nest_end(msg, nl_pat);
14913 }
14914 nla_nest_end(msg, nl_pats);
14915
14916 return 0;
14917 }
14918
nl80211_send_wowlan_tcp(struct sk_buff * msg,struct cfg80211_wowlan_tcp * tcp)14919 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
14920 struct cfg80211_wowlan_tcp *tcp)
14921 {
14922 struct nlattr *nl_tcp;
14923
14924 if (!tcp)
14925 return 0;
14926
14927 nl_tcp = nla_nest_start_noflag(msg,
14928 NL80211_WOWLAN_TRIG_TCP_CONNECTION);
14929 if (!nl_tcp)
14930 return -ENOBUFS;
14931
14932 if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
14933 nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
14934 nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
14935 nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
14936 nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
14937 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
14938 tcp->payload_len, tcp->payload) ||
14939 nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
14940 tcp->data_interval) ||
14941 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
14942 tcp->wake_len, tcp->wake_data) ||
14943 nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
14944 DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
14945 return -ENOBUFS;
14946
14947 if (tcp->payload_seq.len &&
14948 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
14949 sizeof(tcp->payload_seq), &tcp->payload_seq))
14950 return -ENOBUFS;
14951
14952 if (tcp->payload_tok.len &&
14953 nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
14954 sizeof(tcp->payload_tok) + tcp->tokens_size,
14955 &tcp->payload_tok))
14956 return -ENOBUFS;
14957
14958 nla_nest_end(msg, nl_tcp);
14959
14960 return 0;
14961 }
14962
nl80211_send_wowlan_nd(struct sk_buff * msg,struct cfg80211_sched_scan_request * req)14963 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
14964 struct cfg80211_sched_scan_request *req)
14965 {
14966 struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
14967 int i;
14968
14969 if (!req)
14970 return 0;
14971
14972 nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
14973 if (!nd)
14974 return -ENOBUFS;
14975
14976 if (req->n_scan_plans == 1 &&
14977 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
14978 req->scan_plans[0].interval * 1000))
14979 return -ENOBUFS;
14980
14981 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
14982 return -ENOBUFS;
14983
14984 if (req->relative_rssi_set) {
14985 struct nl80211_bss_select_rssi_adjust rssi_adjust;
14986
14987 if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
14988 req->relative_rssi))
14989 return -ENOBUFS;
14990
14991 rssi_adjust.band = req->rssi_adjust.band;
14992 rssi_adjust.delta = req->rssi_adjust.delta;
14993 if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
14994 sizeof(rssi_adjust), &rssi_adjust))
14995 return -ENOBUFS;
14996 }
14997
14998 freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
14999 if (!freqs)
15000 return -ENOBUFS;
15001
15002 for (i = 0; i < req->n_channels; i++) {
15003 if (nla_put_u32(msg, i, req->channels[i]->center_freq))
15004 return -ENOBUFS;
15005 }
15006
15007 nla_nest_end(msg, freqs);
15008
15009 if (req->n_match_sets) {
15010 matches = nla_nest_start_noflag(msg,
15011 NL80211_ATTR_SCHED_SCAN_MATCH);
15012 if (!matches)
15013 return -ENOBUFS;
15014
15015 for (i = 0; i < req->n_match_sets; i++) {
15016 match = nla_nest_start_noflag(msg, i);
15017 if (!match)
15018 return -ENOBUFS;
15019
15020 if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
15021 req->match_sets[i].ssid.ssid_len,
15022 req->match_sets[i].ssid.ssid))
15023 return -ENOBUFS;
15024 nla_nest_end(msg, match);
15025 }
15026 nla_nest_end(msg, matches);
15027 }
15028
15029 scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
15030 if (!scan_plans)
15031 return -ENOBUFS;
15032
15033 for (i = 0; i < req->n_scan_plans; i++) {
15034 scan_plan = nla_nest_start_noflag(msg, i + 1);
15035 if (!scan_plan)
15036 return -ENOBUFS;
15037
15038 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
15039 req->scan_plans[i].interval) ||
15040 (req->scan_plans[i].iterations &&
15041 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
15042 req->scan_plans[i].iterations)))
15043 return -ENOBUFS;
15044 nla_nest_end(msg, scan_plan);
15045 }
15046 nla_nest_end(msg, scan_plans);
15047
15048 nla_nest_end(msg, nd);
15049
15050 return 0;
15051 }
15052
nl80211_get_wowlan(struct sk_buff * skb,struct genl_info * info)15053 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
15054 {
15055 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15056 struct sk_buff *msg;
15057 void *hdr;
15058 u32 size = NLMSG_DEFAULT_SIZE;
15059
15060 if (!rdev->wiphy.wowlan)
15061 return -EOPNOTSUPP;
15062
15063 if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
15064 /* adjust size to have room for all the data */
15065 size += rdev->wiphy.wowlan_config->tcp->tokens_size +
15066 rdev->wiphy.wowlan_config->tcp->payload_len +
15067 rdev->wiphy.wowlan_config->tcp->wake_len +
15068 rdev->wiphy.wowlan_config->tcp->wake_len / 8;
15069 }
15070
15071 msg = nlmsg_new(size, GFP_KERNEL);
15072 if (!msg)
15073 return -ENOMEM;
15074
15075 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
15076 NL80211_CMD_GET_WOWLAN);
15077 if (!hdr)
15078 goto nla_put_failure;
15079
15080 if (rdev->wiphy.wowlan_config) {
15081 struct nlattr *nl_wowlan;
15082
15083 nl_wowlan = nla_nest_start_noflag(msg,
15084 NL80211_ATTR_WOWLAN_TRIGGERS);
15085 if (!nl_wowlan)
15086 goto nla_put_failure;
15087
15088 if ((rdev->wiphy.wowlan_config->any &&
15089 nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
15090 (rdev->wiphy.wowlan_config->disconnect &&
15091 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
15092 (rdev->wiphy.wowlan_config->magic_pkt &&
15093 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
15094 (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
15095 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
15096 (rdev->wiphy.wowlan_config->eap_identity_req &&
15097 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
15098 (rdev->wiphy.wowlan_config->four_way_handshake &&
15099 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
15100 (rdev->wiphy.wowlan_config->rfkill_release &&
15101 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
15102 goto nla_put_failure;
15103
15104 if (nl80211_send_wowlan_patterns(msg, rdev))
15105 goto nla_put_failure;
15106
15107 if (nl80211_send_wowlan_tcp(msg,
15108 rdev->wiphy.wowlan_config->tcp))
15109 goto nla_put_failure;
15110
15111 if (nl80211_send_wowlan_nd(
15112 msg,
15113 rdev->wiphy.wowlan_config->nd_config))
15114 goto nla_put_failure;
15115
15116 nla_nest_end(msg, nl_wowlan);
15117 }
15118
15119 genlmsg_end(msg, hdr);
15120 return genlmsg_reply(msg, info);
15121
15122 nla_put_failure:
15123 nlmsg_free(msg);
15124 return -ENOBUFS;
15125 }
15126
nl80211_parse_wowlan_tcp(struct cfg80211_registered_device * rdev,struct nlattr * attr,struct cfg80211_wowlan * trig)15127 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
15128 struct nlattr *attr,
15129 struct cfg80211_wowlan *trig)
15130 {
15131 struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
15132 struct cfg80211_wowlan_tcp *cfg;
15133 struct nl80211_wowlan_tcp_data_token *tok = NULL;
15134 struct nl80211_wowlan_tcp_data_seq *seq = NULL;
15135 u32 size;
15136 u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
15137 int err, port;
15138
15139 if (!rdev->wiphy.wowlan->tcp)
15140 return -EINVAL;
15141
15142 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
15143 nl80211_wowlan_tcp_policy, NULL);
15144 if (err)
15145 return err;
15146
15147 if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
15148 !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
15149 !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
15150 !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
15151 !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
15152 !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
15153 !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
15154 !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
15155 return -EINVAL;
15156
15157 data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
15158 if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
15159 return -EINVAL;
15160
15161 if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
15162 rdev->wiphy.wowlan->tcp->data_interval_max ||
15163 nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
15164 return -EINVAL;
15165
15166 wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
15167 if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
15168 return -EINVAL;
15169
15170 wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
15171 if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
15172 return -EINVAL;
15173
15174 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
15175 u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
15176
15177 tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
15178 tokens_size = tokln - sizeof(*tok);
15179
15180 if (!tok->len || tokens_size % tok->len)
15181 return -EINVAL;
15182 if (!rdev->wiphy.wowlan->tcp->tok)
15183 return -EINVAL;
15184 if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
15185 return -EINVAL;
15186 if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
15187 return -EINVAL;
15188 if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
15189 return -EINVAL;
15190 if (tok->offset + tok->len > data_size)
15191 return -EINVAL;
15192 }
15193
15194 if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
15195 seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
15196 if (!rdev->wiphy.wowlan->tcp->seq)
15197 return -EINVAL;
15198 if (seq->len == 0 || seq->len > 4)
15199 return -EINVAL;
15200 if (seq->len + seq->offset > data_size)
15201 return -EINVAL;
15202 }
15203
15204 size = sizeof(*cfg);
15205 size += data_size;
15206 size += wake_size + wake_mask_size;
15207 size += tokens_size;
15208
15209 cfg = kzalloc(size, GFP_KERNEL);
15210 if (!cfg)
15211 return -ENOMEM;
15212 cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
15213 cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
15214 memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
15215 ETH_ALEN);
15216 port = nla_get_u16_default(tb[NL80211_WOWLAN_TCP_SRC_PORT], 0);
15217 #ifdef CONFIG_INET
15218 /* allocate a socket and port for it and use it */
15219 err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
15220 IPPROTO_TCP, &cfg->sock, 1);
15221 if (err) {
15222 kfree(cfg);
15223 return err;
15224 }
15225 if (inet_csk_get_port(cfg->sock->sk, port)) {
15226 sock_release(cfg->sock);
15227 kfree(cfg);
15228 return -EADDRINUSE;
15229 }
15230 cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
15231 #else
15232 if (!port) {
15233 kfree(cfg);
15234 return -EINVAL;
15235 }
15236 cfg->src_port = port;
15237 #endif
15238
15239 cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
15240 cfg->payload_len = data_size;
15241 cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
15242 memcpy((void *)cfg->payload,
15243 nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
15244 data_size);
15245 if (seq)
15246 cfg->payload_seq = *seq;
15247 cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
15248 cfg->wake_len = wake_size;
15249 cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
15250 memcpy((void *)cfg->wake_data,
15251 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
15252 wake_size);
15253 cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
15254 data_size + wake_size;
15255 memcpy((void *)cfg->wake_mask,
15256 nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
15257 wake_mask_size);
15258 if (tok) {
15259 cfg->tokens_size = tokens_size;
15260 cfg->payload_tok = *tok;
15261 memcpy(cfg->payload_tok.token_stream, tok->token_stream,
15262 tokens_size);
15263 }
15264
15265 trig->tcp = cfg;
15266
15267 return 0;
15268 }
15269
nl80211_parse_wowlan_nd(struct cfg80211_registered_device * rdev,const struct wiphy_wowlan_support * wowlan,struct nlattr * attr,struct cfg80211_wowlan * trig)15270 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
15271 const struct wiphy_wowlan_support *wowlan,
15272 struct nlattr *attr,
15273 struct cfg80211_wowlan *trig)
15274 {
15275 struct nlattr **tb;
15276 int err;
15277
15278 tb = kzalloc_objs(*tb, NUM_NL80211_ATTR);
15279 if (!tb)
15280 return -ENOMEM;
15281
15282 if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
15283 err = -EOPNOTSUPP;
15284 goto out;
15285 }
15286
15287 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
15288 nl80211_policy, NULL);
15289 if (err)
15290 goto out;
15291
15292 trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
15293 wowlan->max_nd_match_sets);
15294 err = PTR_ERR_OR_ZERO(trig->nd_config);
15295 if (err)
15296 trig->nd_config = NULL;
15297
15298 out:
15299 kfree(tb);
15300 return err;
15301 }
15302
nl80211_set_wowlan(struct sk_buff * skb,struct genl_info * info)15303 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
15304 {
15305 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15306 struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
15307 struct cfg80211_wowlan new_triggers = {};
15308 struct cfg80211_wowlan *ntrig;
15309 const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
15310 int err, i;
15311 bool prev_enabled = rdev->wiphy.wowlan_config;
15312 bool regular = false;
15313
15314 if (!wowlan)
15315 return -EOPNOTSUPP;
15316
15317 if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
15318 cfg80211_rdev_free_wowlan(rdev);
15319 rdev->wiphy.wowlan_config = NULL;
15320 goto set_wakeup;
15321 }
15322
15323 err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
15324 info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
15325 nl80211_wowlan_policy, info->extack);
15326 if (err)
15327 return err;
15328
15329 if (tb[NL80211_WOWLAN_TRIG_ANY]) {
15330 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
15331 return -EINVAL;
15332 new_triggers.any = true;
15333 }
15334
15335 if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
15336 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
15337 return -EINVAL;
15338 new_triggers.disconnect = true;
15339 regular = true;
15340 }
15341
15342 if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
15343 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
15344 return -EINVAL;
15345 new_triggers.magic_pkt = true;
15346 regular = true;
15347 }
15348
15349 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
15350 return -EINVAL;
15351
15352 if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
15353 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
15354 return -EINVAL;
15355 new_triggers.gtk_rekey_failure = true;
15356 regular = true;
15357 }
15358
15359 if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
15360 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
15361 return -EINVAL;
15362 new_triggers.eap_identity_req = true;
15363 regular = true;
15364 }
15365
15366 if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
15367 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
15368 return -EINVAL;
15369 new_triggers.four_way_handshake = true;
15370 regular = true;
15371 }
15372
15373 if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
15374 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
15375 return -EINVAL;
15376 new_triggers.rfkill_release = true;
15377 regular = true;
15378 }
15379
15380 if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
15381 struct nlattr *pat;
15382 int n_patterns = 0;
15383 int rem, pat_len, mask_len, pkt_offset;
15384 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
15385
15386 regular = true;
15387
15388 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
15389 rem)
15390 n_patterns++;
15391 if (n_patterns > wowlan->n_patterns)
15392 return -EINVAL;
15393
15394 new_triggers.patterns = kzalloc_objs(new_triggers.patterns[0],
15395 n_patterns);
15396 if (!new_triggers.patterns)
15397 return -ENOMEM;
15398
15399 new_triggers.n_patterns = n_patterns;
15400 i = 0;
15401
15402 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
15403 rem) {
15404 u8 *mask_pat;
15405
15406 err = nla_parse_nested_deprecated(pat_tb,
15407 MAX_NL80211_PKTPAT,
15408 pat,
15409 nl80211_packet_pattern_policy,
15410 info->extack);
15411 if (err)
15412 goto error;
15413
15414 err = -EINVAL;
15415 if (!pat_tb[NL80211_PKTPAT_MASK] ||
15416 !pat_tb[NL80211_PKTPAT_PATTERN])
15417 goto error;
15418 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
15419 mask_len = DIV_ROUND_UP(pat_len, 8);
15420 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
15421 goto error;
15422 if (pat_len > wowlan->pattern_max_len ||
15423 pat_len < wowlan->pattern_min_len)
15424 goto error;
15425
15426 pkt_offset =
15427 nla_get_u32_default(pat_tb[NL80211_PKTPAT_OFFSET],
15428 0);
15429 if (pkt_offset > wowlan->max_pkt_offset)
15430 goto error;
15431 new_triggers.patterns[i].pkt_offset = pkt_offset;
15432
15433 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
15434 if (!mask_pat) {
15435 err = -ENOMEM;
15436 goto error;
15437 }
15438 new_triggers.patterns[i].mask = mask_pat;
15439 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
15440 mask_len);
15441 mask_pat += mask_len;
15442 new_triggers.patterns[i].pattern = mask_pat;
15443 new_triggers.patterns[i].pattern_len = pat_len;
15444 memcpy(mask_pat,
15445 nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
15446 pat_len);
15447 i++;
15448 }
15449 }
15450
15451 if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
15452 regular = true;
15453 err = nl80211_parse_wowlan_tcp(
15454 rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
15455 &new_triggers);
15456 if (err)
15457 goto error;
15458 }
15459
15460 if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
15461 regular = true;
15462 err = nl80211_parse_wowlan_nd(
15463 rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
15464 &new_triggers);
15465 if (err)
15466 goto error;
15467 }
15468
15469 /* The 'any' trigger means the device continues operating more or less
15470 * as in its normal operation mode and wakes up the host on most of the
15471 * normal interrupts (like packet RX, ...)
15472 * It therefore makes little sense to combine with the more constrained
15473 * wakeup trigger modes.
15474 */
15475 if (new_triggers.any && regular) {
15476 err = -EINVAL;
15477 goto error;
15478 }
15479
15480 ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
15481 if (!ntrig) {
15482 err = -ENOMEM;
15483 goto error;
15484 }
15485 cfg80211_rdev_free_wowlan(rdev);
15486 rdev->wiphy.wowlan_config = ntrig;
15487
15488 set_wakeup:
15489 if (rdev->ops->set_wakeup &&
15490 prev_enabled != !!rdev->wiphy.wowlan_config)
15491 rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
15492
15493 return 0;
15494 error:
15495 for (i = 0; i < new_triggers.n_patterns; i++)
15496 kfree(new_triggers.patterns[i].mask);
15497 kfree(new_triggers.patterns);
15498 if (new_triggers.tcp && new_triggers.tcp->sock)
15499 sock_release(new_triggers.tcp->sock);
15500 kfree(new_triggers.tcp);
15501 kfree(new_triggers.nd_config);
15502 return err;
15503 }
15504 #endif
15505
nl80211_send_coalesce_rules(struct sk_buff * msg,struct cfg80211_registered_device * rdev)15506 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
15507 struct cfg80211_registered_device *rdev)
15508 {
15509 struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
15510 int i, j, pat_len;
15511 struct cfg80211_coalesce_rules *rule;
15512
15513 if (!rdev->coalesce->n_rules)
15514 return 0;
15515
15516 nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
15517 if (!nl_rules)
15518 return -ENOBUFS;
15519
15520 for (i = 0; i < rdev->coalesce->n_rules; i++) {
15521 nl_rule = nla_nest_start_noflag(msg, i + 1);
15522 if (!nl_rule)
15523 return -ENOBUFS;
15524
15525 rule = &rdev->coalesce->rules[i];
15526 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
15527 rule->delay))
15528 return -ENOBUFS;
15529
15530 if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
15531 rule->condition))
15532 return -ENOBUFS;
15533
15534 nl_pats = nla_nest_start_noflag(msg,
15535 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
15536 if (!nl_pats)
15537 return -ENOBUFS;
15538
15539 for (j = 0; j < rule->n_patterns; j++) {
15540 nl_pat = nla_nest_start_noflag(msg, j + 1);
15541 if (!nl_pat)
15542 return -ENOBUFS;
15543 pat_len = rule->patterns[j].pattern_len;
15544 if (nla_put(msg, NL80211_PKTPAT_MASK,
15545 DIV_ROUND_UP(pat_len, 8),
15546 rule->patterns[j].mask) ||
15547 nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
15548 rule->patterns[j].pattern) ||
15549 nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
15550 rule->patterns[j].pkt_offset))
15551 return -ENOBUFS;
15552 nla_nest_end(msg, nl_pat);
15553 }
15554 nla_nest_end(msg, nl_pats);
15555 nla_nest_end(msg, nl_rule);
15556 }
15557 nla_nest_end(msg, nl_rules);
15558
15559 return 0;
15560 }
15561
nl80211_get_coalesce(struct sk_buff * skb,struct genl_info * info)15562 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
15563 {
15564 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15565 struct sk_buff *msg;
15566 void *hdr;
15567
15568 if (!rdev->wiphy.coalesce)
15569 return -EOPNOTSUPP;
15570
15571 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15572 if (!msg)
15573 return -ENOMEM;
15574
15575 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
15576 NL80211_CMD_GET_COALESCE);
15577 if (!hdr)
15578 goto nla_put_failure;
15579
15580 if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
15581 goto nla_put_failure;
15582
15583 genlmsg_end(msg, hdr);
15584 return genlmsg_reply(msg, info);
15585
15586 nla_put_failure:
15587 nlmsg_free(msg);
15588 return -ENOBUFS;
15589 }
15590
cfg80211_free_coalesce(struct cfg80211_coalesce * coalesce)15591 void cfg80211_free_coalesce(struct cfg80211_coalesce *coalesce)
15592 {
15593 int i, j;
15594 struct cfg80211_coalesce_rules *rule;
15595
15596 if (!coalesce)
15597 return;
15598
15599 for (i = 0; i < coalesce->n_rules; i++) {
15600 rule = &coalesce->rules[i];
15601 for (j = 0; j < rule->n_patterns; j++)
15602 kfree(rule->patterns[j].mask);
15603 kfree(rule->patterns);
15604 }
15605 kfree(coalesce);
15606 }
15607
nl80211_parse_coalesce_rule(struct cfg80211_registered_device * rdev,struct nlattr * rule,struct cfg80211_coalesce_rules * new_rule)15608 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
15609 struct nlattr *rule,
15610 struct cfg80211_coalesce_rules *new_rule)
15611 {
15612 int err, i;
15613 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
15614 struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
15615 int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
15616 struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
15617
15618 err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
15619 rule, nl80211_coalesce_policy, NULL);
15620 if (err)
15621 return err;
15622
15623 if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
15624 new_rule->delay =
15625 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
15626 if (new_rule->delay > coalesce->max_delay)
15627 return -EINVAL;
15628
15629 if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
15630 new_rule->condition =
15631 nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
15632
15633 if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
15634 return -EINVAL;
15635
15636 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
15637 rem)
15638 n_patterns++;
15639 if (n_patterns > coalesce->n_patterns)
15640 return -EINVAL;
15641
15642 new_rule->patterns = kzalloc_objs(new_rule->patterns[0], n_patterns);
15643 if (!new_rule->patterns)
15644 return -ENOMEM;
15645
15646 new_rule->n_patterns = n_patterns;
15647 i = 0;
15648
15649 nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
15650 rem) {
15651 u8 *mask_pat;
15652
15653 err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
15654 pat,
15655 nl80211_packet_pattern_policy,
15656 NULL);
15657 if (err)
15658 return err;
15659
15660 if (!pat_tb[NL80211_PKTPAT_MASK] ||
15661 !pat_tb[NL80211_PKTPAT_PATTERN])
15662 return -EINVAL;
15663 pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
15664 mask_len = DIV_ROUND_UP(pat_len, 8);
15665 if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
15666 return -EINVAL;
15667 if (pat_len > coalesce->pattern_max_len ||
15668 pat_len < coalesce->pattern_min_len)
15669 return -EINVAL;
15670
15671 pkt_offset = nla_get_u32_default(pat_tb[NL80211_PKTPAT_OFFSET],
15672 0);
15673 if (pkt_offset > coalesce->max_pkt_offset)
15674 return -EINVAL;
15675 new_rule->patterns[i].pkt_offset = pkt_offset;
15676
15677 mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
15678 if (!mask_pat)
15679 return -ENOMEM;
15680
15681 new_rule->patterns[i].mask = mask_pat;
15682 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
15683 mask_len);
15684
15685 mask_pat += mask_len;
15686 new_rule->patterns[i].pattern = mask_pat;
15687 new_rule->patterns[i].pattern_len = pat_len;
15688 memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
15689 pat_len);
15690 i++;
15691 }
15692
15693 return 0;
15694 }
15695
nl80211_set_coalesce(struct sk_buff * skb,struct genl_info * info)15696 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
15697 {
15698 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15699 const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
15700 struct cfg80211_coalesce *new_coalesce;
15701 int err, rem_rule, n_rules = 0, i;
15702 struct nlattr *rule;
15703
15704 if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
15705 return -EOPNOTSUPP;
15706
15707 if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
15708 cfg80211_free_coalesce(rdev->coalesce);
15709 rdev->coalesce = NULL;
15710 rdev_set_coalesce(rdev, NULL);
15711 return 0;
15712 }
15713
15714 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
15715 rem_rule)
15716 n_rules++;
15717 if (n_rules > coalesce->n_rules)
15718 return -EINVAL;
15719
15720 new_coalesce = kzalloc_flex(*new_coalesce, rules, n_rules);
15721 if (!new_coalesce)
15722 return -ENOMEM;
15723
15724 new_coalesce->n_rules = n_rules;
15725 i = 0;
15726
15727 nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
15728 rem_rule) {
15729 err = nl80211_parse_coalesce_rule(rdev, rule,
15730 &new_coalesce->rules[i]);
15731 if (err)
15732 goto error;
15733
15734 i++;
15735 }
15736
15737 err = rdev_set_coalesce(rdev, new_coalesce);
15738 if (err)
15739 goto error;
15740
15741 cfg80211_free_coalesce(rdev->coalesce);
15742 rdev->coalesce = new_coalesce;
15743
15744 return 0;
15745 error:
15746 cfg80211_free_coalesce(new_coalesce);
15747
15748 return err;
15749 }
15750
nl80211_set_rekey_data(struct sk_buff * skb,struct genl_info * info)15751 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
15752 {
15753 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15754 struct net_device *dev = info->user_ptr[1];
15755 struct wireless_dev *wdev = dev->ieee80211_ptr;
15756 struct nlattr *tb[NUM_NL80211_REKEY_DATA];
15757 struct cfg80211_gtk_rekey_data rekey_data = {};
15758 int err;
15759
15760 if (!info->attrs[NL80211_ATTR_REKEY_DATA])
15761 return -EINVAL;
15762
15763 err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
15764 info->attrs[NL80211_ATTR_REKEY_DATA],
15765 nl80211_rekey_policy, info->extack);
15766 if (err)
15767 return err;
15768
15769 if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
15770 !tb[NL80211_REKEY_DATA_KCK])
15771 return -EINVAL;
15772 if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN &&
15773 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
15774 nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KEK_EXT_LEN))
15775 return -ERANGE;
15776 if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN &&
15777 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
15778 nla_len(tb[NL80211_REKEY_DATA_KCK]) == NL80211_KCK_EXT_LEN) &&
15779 !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KCK_32 &&
15780 nla_len(tb[NL80211_REKEY_DATA_KCK]) == NL80211_KCK_EXT_LEN_32))
15781 return -ERANGE;
15782
15783 rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
15784 rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
15785 rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
15786 rekey_data.kek_len = nla_len(tb[NL80211_REKEY_DATA_KEK]);
15787 rekey_data.kck_len = nla_len(tb[NL80211_REKEY_DATA_KCK]);
15788 if (tb[NL80211_REKEY_DATA_AKM])
15789 rekey_data.akm = nla_get_u32(tb[NL80211_REKEY_DATA_AKM]);
15790
15791 if (!wdev->connected)
15792 return -ENOTCONN;
15793
15794 if (!rdev->ops->set_rekey_data)
15795 return -EOPNOTSUPP;
15796
15797 return rdev_set_rekey_data(rdev, dev, &rekey_data);
15798 }
15799
nl80211_register_unexpected_frame(struct sk_buff * skb,struct genl_info * info)15800 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
15801 struct genl_info *info)
15802 {
15803 struct net_device *dev = info->user_ptr[1];
15804 struct wireless_dev *wdev = dev->ieee80211_ptr;
15805
15806 if (wdev->iftype != NL80211_IFTYPE_AP &&
15807 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
15808 wdev->iftype != NL80211_IFTYPE_NAN_DATA)
15809 return -EINVAL;
15810
15811 if (wdev->unexpected_nlportid)
15812 return -EBUSY;
15813
15814 wdev->unexpected_nlportid = info->snd_portid;
15815 return 0;
15816 }
15817
nl80211_probe_client(struct sk_buff * skb,struct genl_info * info)15818 static int nl80211_probe_client(struct sk_buff *skb,
15819 struct genl_info *info)
15820 {
15821 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15822 struct net_device *dev = info->user_ptr[1];
15823 struct wireless_dev *wdev = dev->ieee80211_ptr;
15824 struct sk_buff *msg;
15825 void *hdr;
15826 const u8 *addr;
15827 u64 cookie;
15828 int err;
15829
15830 if (wdev->iftype != NL80211_IFTYPE_AP &&
15831 wdev->iftype != NL80211_IFTYPE_P2P_GO)
15832 return -EOPNOTSUPP;
15833
15834 if (!info->attrs[NL80211_ATTR_MAC])
15835 return -EINVAL;
15836
15837 if (!rdev->ops->probe_client)
15838 return -EOPNOTSUPP;
15839
15840 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15841 if (!msg)
15842 return -ENOMEM;
15843
15844 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
15845 NL80211_CMD_PROBE_CLIENT);
15846 if (!hdr) {
15847 err = -ENOBUFS;
15848 goto free_msg;
15849 }
15850
15851 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
15852
15853 err = rdev_probe_client(rdev, dev, addr, &cookie);
15854 if (err)
15855 goto free_msg;
15856
15857 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15858 NL80211_ATTR_PAD))
15859 goto nla_put_failure;
15860
15861 genlmsg_end(msg, hdr);
15862
15863 return genlmsg_reply(msg, info);
15864
15865 nla_put_failure:
15866 err = -ENOBUFS;
15867 free_msg:
15868 nlmsg_free(msg);
15869 return err;
15870 }
15871
nl80211_register_beacons(struct sk_buff * skb,struct genl_info * info)15872 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
15873 {
15874 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15875 struct cfg80211_beacon_registration *reg, *nreg;
15876 int rv;
15877
15878 if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
15879 return -EOPNOTSUPP;
15880
15881 nreg = kzalloc_obj(*nreg);
15882 if (!nreg)
15883 return -ENOMEM;
15884
15885 /* First, check if already registered. */
15886 spin_lock_bh(&rdev->beacon_registrations_lock);
15887 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
15888 if (reg->nlportid == info->snd_portid) {
15889 rv = -EALREADY;
15890 goto out_err;
15891 }
15892 }
15893 /* Add it to the list */
15894 nreg->nlportid = info->snd_portid;
15895 list_add(&nreg->list, &rdev->beacon_registrations);
15896
15897 spin_unlock_bh(&rdev->beacon_registrations_lock);
15898
15899 return 0;
15900 out_err:
15901 spin_unlock_bh(&rdev->beacon_registrations_lock);
15902 kfree(nreg);
15903 return rv;
15904 }
15905
nl80211_start_p2p_device(struct sk_buff * skb,struct genl_info * info)15906 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
15907 {
15908 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15909 struct wireless_dev *wdev = info->user_ptr[1];
15910 int err;
15911
15912 if (!rdev->ops->start_p2p_device)
15913 return -EOPNOTSUPP;
15914
15915 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
15916 return -EOPNOTSUPP;
15917
15918 if (wdev_running(wdev))
15919 return 0;
15920
15921 if (rfkill_blocked(rdev->wiphy.rfkill))
15922 return -ERFKILL;
15923
15924 err = rdev_start_p2p_device(rdev, wdev);
15925 if (err)
15926 return err;
15927
15928 wdev->is_running = true;
15929 rdev->opencount++;
15930
15931 return 0;
15932 }
15933
nl80211_stop_p2p_device(struct sk_buff * skb,struct genl_info * info)15934 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
15935 {
15936 struct cfg80211_registered_device *rdev = info->user_ptr[0];
15937 struct wireless_dev *wdev = info->user_ptr[1];
15938
15939 if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
15940 return -EOPNOTSUPP;
15941
15942 if (!rdev->ops->stop_p2p_device)
15943 return -EOPNOTSUPP;
15944
15945 cfg80211_stop_p2p_device(rdev, wdev);
15946
15947 return 0;
15948 }
15949
nl80211_get_nan_channel(struct wiphy * wiphy,int freq)15950 static struct ieee80211_channel *nl80211_get_nan_channel(struct wiphy *wiphy,
15951 int freq)
15952 {
15953 struct ieee80211_channel *chan;
15954 struct cfg80211_chan_def def;
15955
15956 /* Check if the frequency is valid for NAN */
15957 if (freq != 5220 && freq != 5745 && freq != 2437)
15958 return NULL;
15959
15960 chan = ieee80211_get_channel(wiphy, freq);
15961 if (!chan)
15962 return NULL;
15963
15964 cfg80211_chandef_create(&def, chan, NL80211_CHAN_NO_HT);
15965
15966 /* Check if the channel is allowed */
15967 if (cfg80211_reg_can_beacon(wiphy, &def, NL80211_IFTYPE_NAN))
15968 return chan;
15969
15970 return NULL;
15971 }
15972
nl80211_parse_nan_band_config(struct wiphy * wiphy,struct nlattr ** tb,struct cfg80211_nan_band_config * cfg,enum nl80211_band band)15973 static int nl80211_parse_nan_band_config(struct wiphy *wiphy,
15974 struct nlattr **tb,
15975 struct cfg80211_nan_band_config *cfg,
15976 enum nl80211_band band)
15977 {
15978 if (BIT(band) & ~(u32)wiphy->nan_supported_bands)
15979 return -EINVAL;
15980
15981 if (tb[NL80211_NAN_BAND_CONF_FREQ]) {
15982 u16 freq = nla_get_u16(tb[NL80211_NAN_BAND_CONF_FREQ]);
15983
15984 if (band != NL80211_BAND_5GHZ)
15985 return -EINVAL;
15986
15987 cfg->chan = nl80211_get_nan_channel(wiphy, freq);
15988 if (!cfg->chan)
15989 return -EINVAL;
15990 }
15991
15992 if (tb[NL80211_NAN_BAND_CONF_RSSI_CLOSE]) {
15993 cfg->rssi_close =
15994 nla_get_s8(tb[NL80211_NAN_BAND_CONF_RSSI_CLOSE]);
15995 if (!tb[NL80211_NAN_BAND_CONF_RSSI_MIDDLE])
15996 return -EINVAL;
15997 }
15998
15999 if (tb[NL80211_NAN_BAND_CONF_RSSI_MIDDLE]) {
16000 cfg->rssi_middle =
16001 nla_get_s8(tb[NL80211_NAN_BAND_CONF_RSSI_MIDDLE]);
16002 if (!cfg->rssi_close || cfg->rssi_middle >= cfg->rssi_close)
16003 return -EINVAL;
16004 }
16005
16006 if (tb[NL80211_NAN_BAND_CONF_WAKE_DW]) {
16007 cfg->awake_dw_interval =
16008 nla_get_u8(tb[NL80211_NAN_BAND_CONF_WAKE_DW]);
16009
16010 if (band == NL80211_BAND_2GHZ && cfg->awake_dw_interval == 0)
16011 return -EINVAL;
16012 }
16013
16014 cfg->disable_scan =
16015 nla_get_flag(tb[NL80211_NAN_BAND_CONF_DISABLE_SCAN]);
16016 return 0;
16017 }
16018
nl80211_parse_nan_conf(struct wiphy * wiphy,struct genl_info * info,struct cfg80211_nan_conf * conf,u32 * changed_flags,bool start)16019 static int nl80211_parse_nan_conf(struct wiphy *wiphy,
16020 struct genl_info *info,
16021 struct cfg80211_nan_conf *conf,
16022 u32 *changed_flags,
16023 bool start)
16024 {
16025 struct nlattr *attrs[NL80211_NAN_CONF_ATTR_MAX + 1];
16026 int err, rem;
16027 u32 changed = 0;
16028 struct nlattr *band_config;
16029
16030 if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
16031 conf->master_pref =
16032 nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
16033
16034 changed |= CFG80211_NAN_CONF_CHANGED_PREF;
16035 }
16036
16037 if (info->attrs[NL80211_ATTR_BANDS]) {
16038 u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
16039
16040 if (bands & ~(u32)wiphy->nan_supported_bands)
16041 return -EOPNOTSUPP;
16042
16043 if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
16044 return -EINVAL;
16045
16046 conf->bands = bands;
16047 changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
16048 }
16049
16050 conf->band_cfgs[NL80211_BAND_2GHZ].awake_dw_interval = 1;
16051 if (conf->bands & BIT(NL80211_BAND_5GHZ) || !conf->bands)
16052 conf->band_cfgs[NL80211_BAND_5GHZ].awake_dw_interval = 1;
16053
16054 /* On 2.4 GHz band use channel 6 */
16055 conf->band_cfgs[NL80211_BAND_2GHZ].chan =
16056 nl80211_get_nan_channel(wiphy, 2437);
16057 if (!conf->band_cfgs[NL80211_BAND_2GHZ].chan)
16058 return -EINVAL;
16059
16060 if (!info->attrs[NL80211_ATTR_NAN_CONFIG])
16061 goto out;
16062
16063 err = nla_parse_nested(attrs, NL80211_NAN_CONF_ATTR_MAX,
16064 info->attrs[NL80211_ATTR_NAN_CONFIG], NULL,
16065 info->extack);
16066 if (err)
16067 return err;
16068
16069 changed |= CFG80211_NAN_CONF_CHANGED_CONFIG;
16070 if (attrs[NL80211_NAN_CONF_CLUSTER_ID] && start) {
16071 ether_addr_copy(conf->cluster_id,
16072 nla_data(attrs[NL80211_NAN_CONF_CLUSTER_ID]));
16073 } else if (start) {
16074 conf->cluster_id[0] = 0x50;
16075 conf->cluster_id[1] = 0x6f;
16076 conf->cluster_id[2] = 0x9a;
16077 conf->cluster_id[3] = 0x01;
16078 get_random_bytes(&conf->cluster_id[4], 2);
16079 }
16080
16081 if (attrs[NL80211_NAN_CONF_EXTRA_ATTRS]) {
16082 conf->extra_nan_attrs =
16083 nla_data(attrs[NL80211_NAN_CONF_EXTRA_ATTRS]);
16084 conf->extra_nan_attrs_len =
16085 nla_len(attrs[NL80211_NAN_CONF_EXTRA_ATTRS]);
16086 }
16087
16088 if (attrs[NL80211_NAN_CONF_VENDOR_ELEMS]) {
16089 conf->vendor_elems =
16090 nla_data(attrs[NL80211_NAN_CONF_VENDOR_ELEMS]);
16091 conf->vendor_elems_len =
16092 nla_len(attrs[NL80211_NAN_CONF_VENDOR_ELEMS]);
16093 }
16094
16095 if (attrs[NL80211_NAN_CONF_BAND_CONFIGS]) {
16096 nla_for_each_nested(band_config,
16097 attrs[NL80211_NAN_CONF_BAND_CONFIGS],
16098 rem) {
16099 enum nl80211_band band;
16100 struct cfg80211_nan_band_config *cfg;
16101 struct nlattr *tb[NL80211_NAN_BAND_CONF_ATTR_MAX + 1];
16102
16103 err = nla_parse_nested(tb,
16104 NL80211_NAN_BAND_CONF_ATTR_MAX,
16105 band_config, NULL,
16106 info->extack);
16107 if (err)
16108 return err;
16109
16110 if (!tb[NL80211_NAN_BAND_CONF_BAND])
16111 return -EINVAL;
16112
16113 band = nla_get_u8(tb[NL80211_NAN_BAND_CONF_BAND]);
16114 if (conf->bands && !(conf->bands & BIT(band)))
16115 return -EINVAL;
16116
16117 cfg = &conf->band_cfgs[band];
16118
16119 err = nl80211_parse_nan_band_config(wiphy, tb, cfg,
16120 band);
16121 if (err)
16122 return err;
16123 }
16124 }
16125
16126 if (attrs[NL80211_NAN_CONF_SCAN_PERIOD])
16127 conf->scan_period =
16128 nla_get_u16(attrs[NL80211_NAN_CONF_SCAN_PERIOD]);
16129
16130 if (attrs[NL80211_NAN_CONF_SCAN_DWELL_TIME])
16131 conf->scan_dwell_time =
16132 nla_get_u16(attrs[NL80211_NAN_CONF_SCAN_DWELL_TIME]);
16133
16134 if (attrs[NL80211_NAN_CONF_DISCOVERY_BEACON_INTERVAL])
16135 conf->discovery_beacon_interval =
16136 nla_get_u8(attrs[NL80211_NAN_CONF_DISCOVERY_BEACON_INTERVAL]);
16137
16138 if (attrs[NL80211_NAN_CONF_NOTIFY_DW])
16139 conf->enable_dw_notification =
16140 nla_get_flag(attrs[NL80211_NAN_CONF_NOTIFY_DW]);
16141
16142 out:
16143 if (!conf->band_cfgs[NL80211_BAND_5GHZ].chan &&
16144 (!conf->bands || conf->bands & BIT(NL80211_BAND_5GHZ))) {
16145 /* If no 5GHz channel is specified use default, if possible */
16146 conf->band_cfgs[NL80211_BAND_5GHZ].chan =
16147 nl80211_get_nan_channel(wiphy, 5745);
16148 if (!conf->band_cfgs[NL80211_BAND_5GHZ].chan)
16149 conf->band_cfgs[NL80211_BAND_5GHZ].chan =
16150 nl80211_get_nan_channel(wiphy, 5220);
16151
16152 /* Return error if user space asked explicitly for 5 GHz */
16153 if (!conf->band_cfgs[NL80211_BAND_5GHZ].chan &&
16154 conf->bands & BIT(NL80211_BAND_5GHZ)) {
16155 NL_SET_ERR_MSG_ATTR(info->extack,
16156 info->attrs[NL80211_ATTR_BANDS],
16157 "5 GHz band operation is not allowed");
16158 return -EINVAL;
16159 }
16160 }
16161
16162 if (changed_flags)
16163 *changed_flags = changed;
16164
16165 return 0;
16166 }
16167
nl80211_start_nan(struct sk_buff * skb,struct genl_info * info)16168 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
16169 {
16170 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16171 struct wireless_dev *wdev = info->user_ptr[1];
16172 struct cfg80211_nan_conf conf = {};
16173 int err;
16174
16175 if (wdev->iftype != NL80211_IFTYPE_NAN)
16176 return -EOPNOTSUPP;
16177
16178 if (wdev_running(wdev))
16179 return -EEXIST;
16180
16181 if (rfkill_blocked(rdev->wiphy.rfkill))
16182 return -ERFKILL;
16183
16184 /* Master preference is mandatory for START_NAN */
16185 if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
16186 return -EINVAL;
16187
16188 err = nl80211_parse_nan_conf(&rdev->wiphy, info, &conf, NULL, true);
16189 if (err)
16190 return err;
16191
16192 err = rdev_start_nan(rdev, wdev, &conf);
16193 if (err)
16194 return err;
16195
16196 wdev->is_running = true;
16197 rdev->opencount++;
16198
16199 return 0;
16200 }
16201
nl80211_stop_nan(struct sk_buff * skb,struct genl_info * info)16202 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
16203 {
16204 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16205 struct wireless_dev *wdev = info->user_ptr[1];
16206
16207 if (wdev->iftype != NL80211_IFTYPE_NAN)
16208 return -EOPNOTSUPP;
16209
16210 cfg80211_close_dependents(rdev, wdev);
16211
16212 guard(wiphy)(&rdev->wiphy);
16213
16214 cfg80211_stop_nan(rdev, wdev);
16215
16216 return 0;
16217 }
16218
validate_nan_filter(struct nlattr * filter_attr)16219 static int validate_nan_filter(struct nlattr *filter_attr)
16220 {
16221 struct nlattr *attr;
16222 int len = 0, n_entries = 0, rem;
16223
16224 nla_for_each_nested(attr, filter_attr, rem) {
16225 len += nla_len(attr);
16226 n_entries++;
16227 }
16228
16229 if (len >= U8_MAX)
16230 return -EINVAL;
16231
16232 return n_entries;
16233 }
16234
handle_nan_filter(struct nlattr * attr_filter,struct cfg80211_nan_func * func,bool tx)16235 static int handle_nan_filter(struct nlattr *attr_filter,
16236 struct cfg80211_nan_func *func,
16237 bool tx)
16238 {
16239 struct nlattr *attr;
16240 int n_entries, rem, i;
16241 struct cfg80211_nan_func_filter *filter;
16242
16243 n_entries = validate_nan_filter(attr_filter);
16244 if (n_entries < 0)
16245 return n_entries;
16246
16247 BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
16248
16249 filter = kzalloc_objs(*func->rx_filters, n_entries);
16250 if (!filter)
16251 return -ENOMEM;
16252
16253 i = 0;
16254 nla_for_each_nested(attr, attr_filter, rem) {
16255 filter[i].filter = nla_memdup(attr, GFP_KERNEL);
16256 if (!filter[i].filter)
16257 goto err;
16258
16259 filter[i].len = nla_len(attr);
16260 i++;
16261 }
16262 if (tx) {
16263 func->num_tx_filters = n_entries;
16264 func->tx_filters = filter;
16265 } else {
16266 func->num_rx_filters = n_entries;
16267 func->rx_filters = filter;
16268 }
16269
16270 return 0;
16271
16272 err:
16273 i = 0;
16274 nla_for_each_nested(attr, attr_filter, rem) {
16275 kfree(filter[i].filter);
16276 i++;
16277 }
16278 kfree(filter);
16279 return -ENOMEM;
16280 }
16281
nl80211_nan_add_func(struct sk_buff * skb,struct genl_info * info)16282 static int nl80211_nan_add_func(struct sk_buff *skb,
16283 struct genl_info *info)
16284 {
16285 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16286 struct wireless_dev *wdev = info->user_ptr[1];
16287 struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
16288 struct cfg80211_nan_func *func;
16289 struct sk_buff *msg = NULL;
16290 void *hdr = NULL;
16291 int err = 0;
16292
16293 if (wdev->iftype != NL80211_IFTYPE_NAN)
16294 return -EOPNOTSUPP;
16295
16296 if (!wdev_running(wdev))
16297 return -ENOTCONN;
16298
16299 if (!info->attrs[NL80211_ATTR_NAN_FUNC])
16300 return -EINVAL;
16301
16302 err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
16303 info->attrs[NL80211_ATTR_NAN_FUNC],
16304 nl80211_nan_func_policy,
16305 info->extack);
16306 if (err)
16307 return err;
16308
16309 func = kzalloc_obj(*func);
16310 if (!func)
16311 return -ENOMEM;
16312
16313 func->cookie = cfg80211_assign_cookie(rdev);
16314
16315 if (!tb[NL80211_NAN_FUNC_TYPE]) {
16316 err = -EINVAL;
16317 goto out;
16318 }
16319
16320
16321 func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
16322
16323 if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
16324 err = -EINVAL;
16325 goto out;
16326 }
16327
16328 memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
16329 sizeof(func->service_id));
16330
16331 func->close_range =
16332 nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
16333
16334 if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
16335 func->serv_spec_info_len =
16336 nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
16337 func->serv_spec_info =
16338 kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
16339 func->serv_spec_info_len,
16340 GFP_KERNEL);
16341 if (!func->serv_spec_info) {
16342 err = -ENOMEM;
16343 goto out;
16344 }
16345 }
16346
16347 if (tb[NL80211_NAN_FUNC_TTL])
16348 func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
16349
16350 switch (func->type) {
16351 case NL80211_NAN_FUNC_PUBLISH:
16352 if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
16353 err = -EINVAL;
16354 goto out;
16355 }
16356
16357 func->publish_type =
16358 nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
16359 func->publish_bcast =
16360 nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
16361
16362 if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
16363 func->publish_bcast) {
16364 err = -EINVAL;
16365 goto out;
16366 }
16367 break;
16368 case NL80211_NAN_FUNC_SUBSCRIBE:
16369 func->subscribe_active =
16370 nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
16371 break;
16372 case NL80211_NAN_FUNC_FOLLOW_UP:
16373 if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
16374 !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
16375 !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
16376 err = -EINVAL;
16377 goto out;
16378 }
16379
16380 func->followup_id =
16381 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
16382 func->followup_reqid =
16383 nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
16384 memcpy(func->followup_dest.addr,
16385 nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
16386 sizeof(func->followup_dest.addr));
16387 if (func->ttl) {
16388 err = -EINVAL;
16389 goto out;
16390 }
16391 break;
16392 default:
16393 err = -EINVAL;
16394 goto out;
16395 }
16396
16397 if (tb[NL80211_NAN_FUNC_SRF]) {
16398 struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
16399
16400 err = nla_parse_nested_deprecated(srf_tb,
16401 NL80211_NAN_SRF_ATTR_MAX,
16402 tb[NL80211_NAN_FUNC_SRF],
16403 nl80211_nan_srf_policy,
16404 info->extack);
16405 if (err)
16406 goto out;
16407
16408 func->srf_include =
16409 nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
16410
16411 if (srf_tb[NL80211_NAN_SRF_BF]) {
16412 if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
16413 !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
16414 err = -EINVAL;
16415 goto out;
16416 }
16417
16418 func->srf_bf_len =
16419 nla_len(srf_tb[NL80211_NAN_SRF_BF]);
16420 func->srf_bf =
16421 kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
16422 func->srf_bf_len, GFP_KERNEL);
16423 if (!func->srf_bf) {
16424 err = -ENOMEM;
16425 goto out;
16426 }
16427
16428 func->srf_bf_idx =
16429 nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
16430 } else {
16431 struct nlattr *attr, *mac_attr =
16432 srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
16433 int n_entries, rem, i = 0;
16434
16435 if (!mac_attr) {
16436 err = -EINVAL;
16437 goto out;
16438 }
16439
16440 n_entries = validate_acl_mac_addrs(mac_attr);
16441 if (n_entries <= 0) {
16442 err = -EINVAL;
16443 goto out;
16444 }
16445
16446 func->srf_num_macs = n_entries;
16447 func->srf_macs =
16448 kzalloc_objs(*func->srf_macs, n_entries);
16449 if (!func->srf_macs) {
16450 err = -ENOMEM;
16451 goto out;
16452 }
16453
16454 nla_for_each_nested(attr, mac_attr, rem)
16455 memcpy(func->srf_macs[i++].addr, nla_data(attr),
16456 sizeof(*func->srf_macs));
16457 }
16458 }
16459
16460 if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
16461 err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
16462 func, true);
16463 if (err)
16464 goto out;
16465 }
16466
16467 if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
16468 err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
16469 func, false);
16470 if (err)
16471 goto out;
16472 }
16473
16474 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16475 if (!msg) {
16476 err = -ENOMEM;
16477 goto out;
16478 }
16479
16480 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
16481 NL80211_CMD_ADD_NAN_FUNCTION);
16482 /* This can't really happen - we just allocated 4KB */
16483 if (WARN_ON(!hdr)) {
16484 err = -ENOMEM;
16485 goto out;
16486 }
16487
16488 err = rdev_add_nan_func(rdev, wdev, func);
16489 out:
16490 if (err < 0) {
16491 cfg80211_free_nan_func(func);
16492 nlmsg_free(msg);
16493 return err;
16494 }
16495
16496 /* propagate the instance id and cookie to userspace */
16497 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
16498 NL80211_ATTR_PAD))
16499 goto nla_put_failure;
16500
16501 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
16502 if (!func_attr)
16503 goto nla_put_failure;
16504
16505 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
16506 func->instance_id))
16507 goto nla_put_failure;
16508
16509 nla_nest_end(msg, func_attr);
16510
16511 genlmsg_end(msg, hdr);
16512 return genlmsg_reply(msg, info);
16513
16514 nla_put_failure:
16515 nlmsg_free(msg);
16516 return -ENOBUFS;
16517 }
16518
nl80211_nan_del_func(struct sk_buff * skb,struct genl_info * info)16519 static int nl80211_nan_del_func(struct sk_buff *skb,
16520 struct genl_info *info)
16521 {
16522 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16523 struct wireless_dev *wdev = info->user_ptr[1];
16524 u64 cookie;
16525
16526 if (wdev->iftype != NL80211_IFTYPE_NAN)
16527 return -EOPNOTSUPP;
16528
16529 if (!wdev_running(wdev))
16530 return -ENOTCONN;
16531
16532 if (!info->attrs[NL80211_ATTR_COOKIE])
16533 return -EINVAL;
16534
16535 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
16536
16537 rdev_del_nan_func(rdev, wdev, cookie);
16538
16539 return 0;
16540 }
16541
nl80211_nan_change_config(struct sk_buff * skb,struct genl_info * info)16542 static int nl80211_nan_change_config(struct sk_buff *skb,
16543 struct genl_info *info)
16544 {
16545 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16546 struct wireless_dev *wdev = info->user_ptr[1];
16547 struct cfg80211_nan_conf conf = {};
16548 u32 changed = 0;
16549 int err;
16550
16551 if (wdev->iftype != NL80211_IFTYPE_NAN)
16552 return -EOPNOTSUPP;
16553
16554 if (!wdev_running(wdev))
16555 return -ENOTCONN;
16556
16557 err = nl80211_parse_nan_conf(&rdev->wiphy, info, &conf, &changed, false);
16558 if (err)
16559 return err;
16560
16561 if (!changed)
16562 return -EINVAL;
16563
16564 return rdev_nan_change_conf(rdev, wdev, &conf, changed);
16565 }
16566
cfg80211_nan_match(struct wireless_dev * wdev,struct cfg80211_nan_match_params * match,gfp_t gfp)16567 void cfg80211_nan_match(struct wireless_dev *wdev,
16568 struct cfg80211_nan_match_params *match, gfp_t gfp)
16569 {
16570 struct wiphy *wiphy = wdev->wiphy;
16571 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16572 struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
16573 struct sk_buff *msg;
16574 void *hdr;
16575
16576 if (WARN_ON(wiphy->nan_capa.flags & WIPHY_NAN_FLAGS_USERSPACE_DE))
16577 return;
16578
16579 if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
16580 return;
16581
16582 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16583 if (!msg)
16584 return;
16585
16586 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
16587 if (!hdr) {
16588 nlmsg_free(msg);
16589 return;
16590 }
16591
16592 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16593 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16594 wdev->netdev->ifindex)) ||
16595 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16596 NL80211_ATTR_PAD))
16597 goto nla_put_failure;
16598
16599 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
16600 NL80211_ATTR_PAD) ||
16601 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
16602 goto nla_put_failure;
16603
16604 match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
16605 if (!match_attr)
16606 goto nla_put_failure;
16607
16608 local_func_attr = nla_nest_start_noflag(msg,
16609 NL80211_NAN_MATCH_FUNC_LOCAL);
16610 if (!local_func_attr)
16611 goto nla_put_failure;
16612
16613 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
16614 goto nla_put_failure;
16615
16616 nla_nest_end(msg, local_func_attr);
16617
16618 peer_func_attr = nla_nest_start_noflag(msg,
16619 NL80211_NAN_MATCH_FUNC_PEER);
16620 if (!peer_func_attr)
16621 goto nla_put_failure;
16622
16623 if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
16624 nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
16625 goto nla_put_failure;
16626
16627 if (match->info && match->info_len &&
16628 nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
16629 match->info))
16630 goto nla_put_failure;
16631
16632 nla_nest_end(msg, peer_func_attr);
16633 nla_nest_end(msg, match_attr);
16634 genlmsg_end(msg, hdr);
16635
16636 if (!wdev->owner_nlportid)
16637 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
16638 msg, 0, NL80211_MCGRP_NAN, gfp);
16639 else
16640 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
16641 wdev->owner_nlportid);
16642
16643 return;
16644
16645 nla_put_failure:
16646 nlmsg_free(msg);
16647 }
16648 EXPORT_SYMBOL(cfg80211_nan_match);
16649
cfg80211_nan_func_terminated(struct wireless_dev * wdev,u8 inst_id,enum nl80211_nan_func_term_reason reason,u64 cookie,gfp_t gfp)16650 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
16651 u8 inst_id,
16652 enum nl80211_nan_func_term_reason reason,
16653 u64 cookie, gfp_t gfp)
16654 {
16655 struct wiphy *wiphy = wdev->wiphy;
16656 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16657 struct sk_buff *msg;
16658 struct nlattr *func_attr;
16659 void *hdr;
16660
16661 if (WARN_ON(wiphy->nan_capa.flags & WIPHY_NAN_FLAGS_USERSPACE_DE))
16662 return;
16663
16664 if (WARN_ON(!inst_id))
16665 return;
16666
16667 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16668 if (!msg)
16669 return;
16670
16671 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
16672 if (!hdr) {
16673 nlmsg_free(msg);
16674 return;
16675 }
16676
16677 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16678 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16679 wdev->netdev->ifindex)) ||
16680 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16681 NL80211_ATTR_PAD))
16682 goto nla_put_failure;
16683
16684 if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16685 NL80211_ATTR_PAD))
16686 goto nla_put_failure;
16687
16688 func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
16689 if (!func_attr)
16690 goto nla_put_failure;
16691
16692 if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
16693 nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
16694 goto nla_put_failure;
16695
16696 nla_nest_end(msg, func_attr);
16697 genlmsg_end(msg, hdr);
16698
16699 if (!wdev->owner_nlportid)
16700 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
16701 msg, 0, NL80211_MCGRP_NAN, gfp);
16702 else
16703 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
16704 wdev->owner_nlportid);
16705
16706 return;
16707
16708 nla_put_failure:
16709 nlmsg_free(msg);
16710 }
16711 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
16712
cfg80211_nan_sched_update_done(struct wireless_dev * wdev,bool success,gfp_t gfp)16713 void cfg80211_nan_sched_update_done(struct wireless_dev *wdev, bool success,
16714 gfp_t gfp)
16715 {
16716 struct wiphy *wiphy = wdev->wiphy;
16717 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16718 struct sk_buff *msg;
16719 void *hdr;
16720
16721 trace_cfg80211_nan_sched_update_done(wiphy, wdev, success);
16722
16723 /* Can happen if we stopped NAN */
16724 if (!wdev->u.nan.sched_update_pending)
16725 return;
16726
16727 wdev->u.nan.sched_update_pending = false;
16728
16729 if (!wdev->owner_nlportid)
16730 return;
16731
16732 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16733 if (!msg)
16734 return;
16735
16736 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_SCHED_UPDATE_DONE);
16737 if (!hdr)
16738 goto nla_put_failure;
16739
16740 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16741 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16742 NL80211_ATTR_PAD) ||
16743 (success &&
16744 nla_put_flag(msg, NL80211_ATTR_NAN_SCHED_UPDATE_SUCCESS)))
16745 goto nla_put_failure;
16746
16747 genlmsg_end(msg, hdr);
16748
16749 genlmsg_unicast(wiphy_net(wiphy), msg, wdev->owner_nlportid);
16750
16751 return;
16752
16753 nla_put_failure:
16754 nlmsg_free(msg);
16755 }
16756 EXPORT_SYMBOL(cfg80211_nan_sched_update_done);
16757
nl80211_parse_nan_channel(struct cfg80211_registered_device * rdev,struct nlattr * channel,struct genl_info * info,struct cfg80211_nan_channel * nan_channels,u8 index,bool local)16758 static int nl80211_parse_nan_channel(struct cfg80211_registered_device *rdev,
16759 struct nlattr *channel,
16760 struct genl_info *info,
16761 struct cfg80211_nan_channel *nan_channels,
16762 u8 index, bool local)
16763 {
16764 struct nlattr **channel_parsed __free(kfree) = NULL;
16765 struct cfg80211_chan_def chandef;
16766 u8 n_rx_nss;
16767 int ret;
16768
16769 channel_parsed = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*channel_parsed),
16770 GFP_KERNEL);
16771 if (!channel_parsed)
16772 return -ENOMEM;
16773
16774 ret = nla_parse_nested(channel_parsed, NL80211_ATTR_MAX, channel, NULL,
16775 info->extack);
16776 if (ret)
16777 return ret;
16778
16779 ret = nl80211_parse_chandef(rdev, info->extack, channel_parsed,
16780 &chandef);
16781 if (ret)
16782 return ret;
16783
16784 if (chandef.chan->band == NL80211_BAND_6GHZ) {
16785 NL_SET_ERR_MSG(info->extack,
16786 "6 GHz band is not supported");
16787 return -EOPNOTSUPP;
16788 }
16789
16790 if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef,
16791 NL80211_IFTYPE_NAN)) {
16792 NL_SET_ERR_MSG_ATTR(info->extack, channel,
16793 "Channel in NAN schedule is not allowed for NAN operation");
16794 return -EINVAL;
16795 }
16796
16797 if (local) {
16798 for (int i = 0; i < index; i++) {
16799 if (cfg80211_chandef_compatible(&nan_channels[i].chandef,
16800 &chandef)) {
16801 NL_SET_ERR_MSG_ATTR(info->extack, channel,
16802 "Channels in NAN schedule must be mutually incompatible");
16803 return -EINVAL;
16804 }
16805 }
16806 }
16807
16808 if (!channel_parsed[NL80211_ATTR_NAN_CHANNEL_ENTRY]) {
16809 NL_SET_ERR_MSG(info->extack,
16810 "Missing NAN channel entry attribute");
16811 return -EINVAL;
16812 }
16813
16814 nan_channels[index].channel_entry =
16815 nla_data(channel_parsed[NL80211_ATTR_NAN_CHANNEL_ENTRY]);
16816
16817 if (!channel_parsed[NL80211_ATTR_NAN_RX_NSS]) {
16818 NL_SET_ERR_MSG(info->extack,
16819 "Missing NAN RX NSS attribute");
16820 return -EINVAL;
16821 }
16822
16823 nan_channels[index].rx_nss =
16824 nla_get_u8(channel_parsed[NL80211_ATTR_NAN_RX_NSS]);
16825
16826 n_rx_nss = u8_get_bits(rdev->wiphy.nan_capa.n_antennas, 0x03);
16827 if ((local && nan_channels[index].rx_nss > n_rx_nss) ||
16828 !nan_channels[index].rx_nss) {
16829 NL_SET_ERR_MSG_ATTR(info->extack, channel,
16830 "Invalid RX NSS in NAN channel definition");
16831 return -EINVAL;
16832 }
16833
16834 nan_channels[index].chandef = chandef;
16835
16836 return 0;
16837 }
16838
16839 static int
nl80211_parse_nan_schedule(struct genl_info * info,struct nlattr * slots_attr,u8 schedule[CFG80211_NAN_SCHED_NUM_TIME_SLOTS],u8 n_channels)16840 nl80211_parse_nan_schedule(struct genl_info *info, struct nlattr *slots_attr,
16841 u8 schedule[CFG80211_NAN_SCHED_NUM_TIME_SLOTS],
16842 u8 n_channels)
16843 {
16844 if (WARN_ON(nla_len(slots_attr) != CFG80211_NAN_SCHED_NUM_TIME_SLOTS))
16845 return -EINVAL;
16846
16847 memcpy(schedule, nla_data(slots_attr), nla_len(slots_attr));
16848
16849 for (int slot = 0; slot < CFG80211_NAN_SCHED_NUM_TIME_SLOTS; slot++) {
16850 if (schedule[slot] != NL80211_NAN_SCHED_NOT_AVAIL_SLOT &&
16851 schedule[slot] >= n_channels) {
16852 NL_SET_ERR_MSG_FMT(info->extack,
16853 "Invalid time slot: slot %d refers to channel index %d, n_channels=%d",
16854 slot, schedule[slot], n_channels);
16855 return -EINVAL;
16856 }
16857 }
16858
16859 return 0;
16860 }
16861
16862 static int
nl80211_parse_nan_peer_map(struct genl_info * info,struct nlattr * map_attr,struct cfg80211_nan_peer_map * map,u8 n_channels)16863 nl80211_parse_nan_peer_map(struct genl_info *info, struct nlattr *map_attr,
16864 struct cfg80211_nan_peer_map *map, u8 n_channels)
16865 {
16866 struct nlattr *tb[NL80211_NAN_PEER_MAP_ATTR_MAX + 1];
16867 int ret;
16868
16869 ret = nla_parse_nested(tb, NL80211_NAN_PEER_MAP_ATTR_MAX, map_attr,
16870 nl80211_nan_peer_map_policy, info->extack);
16871 if (ret)
16872 return ret;
16873
16874 if (!tb[NL80211_NAN_PEER_MAP_ATTR_MAP_ID] ||
16875 !tb[NL80211_NAN_PEER_MAP_ATTR_TIME_SLOTS]) {
16876 NL_SET_ERR_MSG(info->extack,
16877 "Missing required peer map attributes");
16878 return -EINVAL;
16879 }
16880
16881 map->map_id = nla_get_u8(tb[NL80211_NAN_PEER_MAP_ATTR_MAP_ID]);
16882
16883 /* Parse schedule */
16884 return nl80211_parse_nan_schedule(info,
16885 tb[NL80211_NAN_PEER_MAP_ATTR_TIME_SLOTS],
16886 map->schedule, n_channels);
16887 }
16888
nl80211_nan_validate_map_pair(struct wiphy * wiphy,struct genl_info * info,const struct cfg80211_nan_peer_map * map1,const struct cfg80211_nan_peer_map * map2,struct cfg80211_nan_channel * nan_channels)16889 static int nl80211_nan_validate_map_pair(struct wiphy *wiphy,
16890 struct genl_info *info,
16891 const struct cfg80211_nan_peer_map *map1,
16892 const struct cfg80211_nan_peer_map *map2,
16893 struct cfg80211_nan_channel *nan_channels)
16894 {
16895 /* Check for duplicate map_id */
16896 if (map1->map_id == map2->map_id) {
16897 NL_SET_ERR_MSG_FMT(info->extack, "Duplicate map_id %u",
16898 map1->map_id);
16899 return -EINVAL;
16900 }
16901
16902 /* Check for compatible channels between maps */
16903 for (int i = 0; i < ARRAY_SIZE(map1->schedule); i++) {
16904 if (map1->schedule[i] == NL80211_NAN_SCHED_NOT_AVAIL_SLOT)
16905 continue;
16906
16907 for (int j = 0; j < ARRAY_SIZE(map2->schedule); j++) {
16908 u8 ch1 = map1->schedule[i];
16909 u8 ch2 = map2->schedule[j];
16910
16911 if (ch2 == NL80211_NAN_SCHED_NOT_AVAIL_SLOT)
16912 continue;
16913
16914 if (cfg80211_chandef_compatible(&nan_channels[ch1].chandef,
16915 &nan_channels[ch2].chandef)) {
16916 NL_SET_ERR_MSG_FMT(info->extack,
16917 "Maps %u and %u have compatible channels %d and %d",
16918 map1->map_id, map2->map_id,
16919 ch1, ch2);
16920 return -EINVAL;
16921 }
16922 }
16923 }
16924
16925 /*
16926 * Check for conflicting time slots between maps.
16927 * Only check for single-radio devices (n_radio <= 1) which cannot
16928 * operate on multiple channels simultaneously.
16929 */
16930 if (wiphy->n_radio > 1)
16931 return 0;
16932
16933 for (int i = 0; i < ARRAY_SIZE(map1->schedule); i++) {
16934 if (map1->schedule[i] != NL80211_NAN_SCHED_NOT_AVAIL_SLOT &&
16935 map2->schedule[i] != NL80211_NAN_SCHED_NOT_AVAIL_SLOT) {
16936 NL_SET_ERR_MSG_FMT(info->extack,
16937 "Maps %u and %u both schedule slot %d",
16938 map1->map_id, map2->map_id, i);
16939 return -EINVAL;
16940 }
16941 }
16942
16943 return 0;
16944 }
16945
nl80211_nan_set_peer_sched(struct sk_buff * skb,struct genl_info * info)16946 static int nl80211_nan_set_peer_sched(struct sk_buff *skb,
16947 struct genl_info *info)
16948 {
16949 struct cfg80211_registered_device *rdev = info->user_ptr[0];
16950 struct cfg80211_nan_channel *nan_channels __free(kfree) = NULL;
16951 struct cfg80211_nan_peer_sched sched = {};
16952 struct wireless_dev *wdev = info->user_ptr[1];
16953 struct nlattr *map_attr, *channel;
16954 int ret, n_maps = 0, n_channels = 0, i = 0, rem;
16955
16956 if (wdev->iftype != NL80211_IFTYPE_NAN)
16957 return -EOPNOTSUPP;
16958
16959 if (!info->attrs[NL80211_ATTR_MAC] ||
16960 !info->attrs[NL80211_ATTR_NAN_COMMITTED_DW]) {
16961 NL_SET_ERR_MSG(info->extack,
16962 "Required NAN peer schedule attributes are missing");
16963 return -EINVAL;
16964 }
16965
16966 /* First count how many channel attributes we got */
16967 nlmsg_for_each_attr_type(channel, NL80211_ATTR_NAN_CHANNEL,
16968 info->nlhdr, GENL_HDRLEN, rem)
16969 n_channels++;
16970
16971 if (!((info->attrs[NL80211_ATTR_NAN_SEQ_ID] &&
16972 info->attrs[NL80211_ATTR_NAN_PEER_MAPS] && n_channels) ||
16973 ((!info->attrs[NL80211_ATTR_NAN_SEQ_ID] &&
16974 !info->attrs[NL80211_ATTR_NAN_PEER_MAPS] && !n_channels)))) {
16975 NL_SET_ERR_MSG(info->extack,
16976 "Either provide all of: seq id, channels and maps, or none");
16977 return -EINVAL;
16978 }
16979
16980 /*
16981 * Limit the number of peer channels to:
16982 * local_channels * 4 (possible BWs) * 2 (possible NSS values)
16983 */
16984 if (n_channels && n_channels > wdev->u.nan.n_channels * 4 * 2) {
16985 NL_SET_ERR_MSG_FMT(info->extack,
16986 "Too many peer channels: %d (max %d)",
16987 n_channels,
16988 wdev->u.nan.n_channels * 4 * 2);
16989 return -EINVAL;
16990 }
16991
16992 if (n_channels) {
16993 nan_channels = kcalloc(n_channels, sizeof(*nan_channels),
16994 GFP_KERNEL);
16995 if (!nan_channels)
16996 return -ENOMEM;
16997 }
16998
16999 /* Parse peer channels */
17000 nlmsg_for_each_attr_type(channel, NL80211_ATTR_NAN_CHANNEL,
17001 info->nlhdr, GENL_HDRLEN, rem) {
17002 bool compatible = false;
17003
17004 ret = nl80211_parse_nan_channel(rdev, channel, info,
17005 nan_channels, i, false);
17006 if (ret)
17007 return ret;
17008
17009 /* Verify channel is compatible with at least one local channel */
17010 for (int j = 0; j < wdev->u.nan.n_channels; j++) {
17011 if (cfg80211_chandef_compatible(&nan_channels[i].chandef,
17012 &wdev->u.nan.chandefs[j])) {
17013 compatible = true;
17014 break;
17015 }
17016 }
17017 if (!compatible) {
17018 NL_SET_ERR_MSG_FMT(info->extack,
17019 "Channel %d not compatible with any local channel",
17020 i);
17021 return -EINVAL;
17022 }
17023 i++;
17024 }
17025
17026 sched.n_channels = n_channels;
17027 sched.nan_channels = nan_channels;
17028 sched.peer_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
17029 sched.seq_id = nla_get_u8_default(info->attrs[NL80211_ATTR_NAN_SEQ_ID], 0);
17030 sched.committed_dw = nla_get_u16(info->attrs[NL80211_ATTR_NAN_COMMITTED_DW]);
17031 sched.max_chan_switch =
17032 nla_get_u16_default(info->attrs[NL80211_ATTR_NAN_MAX_CHAN_SWITCH_TIME], 0);
17033
17034 if (info->attrs[NL80211_ATTR_NAN_ULW]) {
17035 sched.ulw_size = nla_len(info->attrs[NL80211_ATTR_NAN_ULW]);
17036 sched.init_ulw = nla_data(info->attrs[NL80211_ATTR_NAN_ULW]);
17037 }
17038
17039 /* Initialize all maps as invalid */
17040 for (int j = 0; j < ARRAY_SIZE(sched.maps); j++)
17041 sched.maps[j].map_id = CFG80211_NAN_INVALID_MAP_ID;
17042
17043 if (info->attrs[NL80211_ATTR_NAN_PEER_MAPS]) {
17044 /* Parse each map */
17045 nla_for_each_nested(map_attr, info->attrs[NL80211_ATTR_NAN_PEER_MAPS],
17046 rem) {
17047 if (n_maps >= ARRAY_SIZE(sched.maps)) {
17048 NL_SET_ERR_MSG(info->extack, "Too many peer maps");
17049 return -EINVAL;
17050 }
17051
17052 ret = nl80211_parse_nan_peer_map(info, map_attr,
17053 &sched.maps[n_maps],
17054 n_channels);
17055 if (ret)
17056 return ret;
17057
17058 /* Validate against previous maps */
17059 for (int j = 0; j < n_maps; j++) {
17060 ret = nl80211_nan_validate_map_pair(&rdev->wiphy, info,
17061 &sched.maps[j],
17062 &sched.maps[n_maps],
17063 nan_channels);
17064 if (ret)
17065 return ret;
17066 }
17067
17068 n_maps++;
17069 }
17070 }
17071
17072 /* Verify each channel is scheduled at least once */
17073 for (int ch = 0; ch < n_channels; ch++) {
17074 bool scheduled = false;
17075
17076 for (int m = 0; m < n_maps && !scheduled; m++) {
17077 for (int s = 0; s < ARRAY_SIZE(sched.maps[m].schedule); s++) {
17078 if (sched.maps[m].schedule[s] == ch) {
17079 scheduled = true;
17080 break;
17081 }
17082 }
17083 }
17084 if (!scheduled) {
17085 NL_SET_ERR_MSG_FMT(info->extack,
17086 "Channel %d is not scheduled in any map",
17087 ch);
17088 return -EINVAL;
17089 }
17090 }
17091
17092 return rdev_nan_set_peer_sched(rdev, wdev, &sched);
17093 }
17094
nl80211_nan_is_sched_empty(struct cfg80211_nan_local_sched * sched)17095 static bool nl80211_nan_is_sched_empty(struct cfg80211_nan_local_sched *sched)
17096 {
17097 if (!sched->n_channels)
17098 return true;
17099
17100 for (int i = 0; i < ARRAY_SIZE(sched->schedule); i++) {
17101 if (sched->schedule[i] != NL80211_NAN_SCHED_NOT_AVAIL_SLOT)
17102 return false;
17103 }
17104
17105 return true;
17106 }
17107
nl80211_nan_set_local_sched(struct sk_buff * skb,struct genl_info * info)17108 static int nl80211_nan_set_local_sched(struct sk_buff *skb,
17109 struct genl_info *info)
17110 {
17111 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17112 struct cfg80211_nan_local_sched *sched __free(kfree) = NULL;
17113 struct wireless_dev *wdev = info->user_ptr[1];
17114 int rem, i = 0, n_channels = 0, ret;
17115 struct nlattr *channel;
17116 bool sched_empty;
17117
17118 if (wdev->iftype != NL80211_IFTYPE_NAN)
17119 return -EOPNOTSUPP;
17120
17121 if (!wdev_running(wdev))
17122 return -ENOTCONN;
17123
17124 if (!info->attrs[NL80211_ATTR_NAN_TIME_SLOTS])
17125 return -EINVAL;
17126
17127 /* First count how many channel attributes we got */
17128 nlmsg_for_each_attr_type(channel, NL80211_ATTR_NAN_CHANNEL,
17129 info->nlhdr, GENL_HDRLEN, rem)
17130 n_channels++;
17131
17132 sched = kzalloc(struct_size(sched, nan_channels, n_channels),
17133 GFP_KERNEL);
17134 if (!sched)
17135 return -ENOMEM;
17136
17137 sched->n_channels = n_channels;
17138
17139 nlmsg_for_each_attr_type(channel, NL80211_ATTR_NAN_CHANNEL,
17140 info->nlhdr, GENL_HDRLEN, rem) {
17141 ret = nl80211_parse_nan_channel(rdev, channel, info,
17142 sched->nan_channels, i, true);
17143
17144 if (ret)
17145 return ret;
17146 i++;
17147 }
17148
17149 /* Parse and validate schedule */
17150 ret = nl80211_parse_nan_schedule(info,
17151 info->attrs[NL80211_ATTR_NAN_TIME_SLOTS],
17152 sched->schedule, sched->n_channels);
17153 if (ret)
17154 return ret;
17155
17156 sched_empty = nl80211_nan_is_sched_empty(sched);
17157
17158 sched->deferred =
17159 nla_get_flag(info->attrs[NL80211_ATTR_NAN_SCHED_DEFERRED]);
17160
17161 if (sched_empty) {
17162 if (sched->deferred) {
17163 NL_SET_ERR_MSG(info->extack,
17164 "Schedule cannot be deferred if all time slots are unavailable");
17165 return -EINVAL;
17166 }
17167
17168 if (info->attrs[NL80211_ATTR_NAN_AVAIL_BLOB]) {
17169 NL_SET_ERR_MSG(info->extack,
17170 "NAN Availability blob must be empty if all time slots are unavailable");
17171 return -EINVAL;
17172 }
17173 } else {
17174 if (!info->attrs[NL80211_ATTR_NAN_AVAIL_BLOB]) {
17175 NL_SET_ERR_MSG(info->extack,
17176 "NAN Availability blob attribute is required");
17177 return -EINVAL;
17178 }
17179
17180 sched->nan_avail_blob =
17181 nla_data(info->attrs[NL80211_ATTR_NAN_AVAIL_BLOB]);
17182 sched->nan_avail_blob_len =
17183 nla_len(info->attrs[NL80211_ATTR_NAN_AVAIL_BLOB]);
17184 }
17185
17186 return cfg80211_nan_set_local_schedule(rdev, wdev, sched);
17187 }
17188
nl80211_get_protocol_features(struct sk_buff * skb,struct genl_info * info)17189 static int nl80211_get_protocol_features(struct sk_buff *skb,
17190 struct genl_info *info)
17191 {
17192 void *hdr;
17193 struct sk_buff *msg;
17194
17195 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17196 if (!msg)
17197 return -ENOMEM;
17198
17199 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
17200 NL80211_CMD_GET_PROTOCOL_FEATURES);
17201 if (!hdr)
17202 goto nla_put_failure;
17203
17204 if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
17205 NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
17206 goto nla_put_failure;
17207
17208 genlmsg_end(msg, hdr);
17209 return genlmsg_reply(msg, info);
17210
17211 nla_put_failure:
17212 kfree_skb(msg);
17213 return -ENOBUFS;
17214 }
17215
nl80211_update_ft_ies(struct sk_buff * skb,struct genl_info * info)17216 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
17217 {
17218 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17219 struct cfg80211_update_ft_ies_params ft_params;
17220 struct net_device *dev = info->user_ptr[1];
17221
17222 if (!rdev->ops->update_ft_ies)
17223 return -EOPNOTSUPP;
17224
17225 if (!info->attrs[NL80211_ATTR_MDID] ||
17226 !info->attrs[NL80211_ATTR_IE])
17227 return -EINVAL;
17228
17229 memset(&ft_params, 0, sizeof(ft_params));
17230 ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
17231 ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
17232 ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
17233
17234 return rdev_update_ft_ies(rdev, dev, &ft_params);
17235 }
17236
nl80211_crit_protocol_start(struct sk_buff * skb,struct genl_info * info)17237 static int nl80211_crit_protocol_start(struct sk_buff *skb,
17238 struct genl_info *info)
17239 {
17240 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17241 struct wireless_dev *wdev = info->user_ptr[1];
17242 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
17243 u16 duration;
17244 int ret;
17245
17246 if (!rdev->ops->crit_proto_start)
17247 return -EOPNOTSUPP;
17248
17249 if (WARN_ON(!rdev->ops->crit_proto_stop))
17250 return -EINVAL;
17251
17252 if (rdev->crit_proto_nlportid)
17253 return -EBUSY;
17254
17255 /* determine protocol if provided */
17256 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
17257 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
17258
17259 if (proto >= NUM_NL80211_CRIT_PROTO)
17260 return -EINVAL;
17261
17262 /* timeout must be provided */
17263 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
17264 return -EINVAL;
17265
17266 duration =
17267 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
17268
17269 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
17270 if (!ret)
17271 rdev->crit_proto_nlportid = info->snd_portid;
17272
17273 return ret;
17274 }
17275
nl80211_crit_protocol_stop(struct sk_buff * skb,struct genl_info * info)17276 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
17277 struct genl_info *info)
17278 {
17279 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17280 struct wireless_dev *wdev = info->user_ptr[1];
17281
17282 if (!rdev->ops->crit_proto_stop)
17283 return -EOPNOTSUPP;
17284
17285 if (rdev->crit_proto_nlportid) {
17286 rdev->crit_proto_nlportid = 0;
17287 rdev_crit_proto_stop(rdev, wdev);
17288 }
17289 return 0;
17290 }
17291
nl80211_vendor_check_policy(const struct wiphy_vendor_command * vcmd,struct nlattr * attr,struct netlink_ext_ack * extack)17292 static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
17293 struct nlattr *attr,
17294 struct netlink_ext_ack *extack)
17295 {
17296 if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
17297 if (attr->nla_type & NLA_F_NESTED) {
17298 NL_SET_ERR_MSG_ATTR(extack, attr,
17299 "unexpected nested data");
17300 return -EINVAL;
17301 }
17302
17303 return 0;
17304 }
17305
17306 if (!(attr->nla_type & NLA_F_NESTED)) {
17307 NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
17308 return -EINVAL;
17309 }
17310
17311 return nla_validate_nested(attr, vcmd->maxattr, vcmd->policy, extack);
17312 }
17313
nl80211_vendor_cmd(struct sk_buff * skb,struct genl_info * info)17314 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
17315 {
17316 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17317 struct wireless_dev *wdev =
17318 __cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
17319 info->attrs);
17320 int i, err;
17321 u32 vid, subcmd;
17322
17323 if (!rdev->wiphy.vendor_commands)
17324 return -EOPNOTSUPP;
17325
17326 if (IS_ERR(wdev)) {
17327 err = PTR_ERR(wdev);
17328 if (err != -EINVAL)
17329 return err;
17330 wdev = NULL;
17331 } else if (wdev->wiphy != &rdev->wiphy) {
17332 return -EINVAL;
17333 }
17334
17335 if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
17336 !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
17337 return -EINVAL;
17338
17339 vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
17340 subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
17341 for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
17342 const struct wiphy_vendor_command *vcmd;
17343 void *data = NULL;
17344 int len = 0;
17345
17346 vcmd = &rdev->wiphy.vendor_commands[i];
17347
17348 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
17349 continue;
17350
17351 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
17352 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
17353 if (!wdev)
17354 return -EINVAL;
17355 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
17356 !wdev->netdev)
17357 return -EINVAL;
17358
17359 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
17360 if (!wdev_running(wdev))
17361 return -ENETDOWN;
17362 }
17363 } else {
17364 wdev = NULL;
17365 }
17366
17367 if (!vcmd->doit)
17368 return -EOPNOTSUPP;
17369
17370 if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
17371 data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
17372 len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
17373
17374 err = nl80211_vendor_check_policy(vcmd,
17375 info->attrs[NL80211_ATTR_VENDOR_DATA],
17376 info->extack);
17377 if (err)
17378 return err;
17379 }
17380
17381 rdev->cur_cmd_info = info;
17382 err = vcmd->doit(&rdev->wiphy, wdev, data, len);
17383 rdev->cur_cmd_info = NULL;
17384 return err;
17385 }
17386
17387 return -EOPNOTSUPP;
17388 }
17389
nl80211_prepare_vendor_dump(struct sk_buff * skb,struct netlink_callback * cb,struct cfg80211_registered_device ** rdev,struct wireless_dev ** wdev)17390 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
17391 struct netlink_callback *cb,
17392 struct cfg80211_registered_device **rdev,
17393 struct wireless_dev **wdev)
17394 {
17395 struct nlattr **attrbuf;
17396 u32 vid, subcmd;
17397 unsigned int i;
17398 int vcmd_idx = -1;
17399 int err;
17400 void *data = NULL;
17401 unsigned int data_len = 0;
17402
17403 if (cb->args[0]) {
17404 /* subtract the 1 again here */
17405 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
17406 struct wireless_dev *tmp;
17407
17408 if (!wiphy)
17409 return -ENODEV;
17410 *rdev = wiphy_to_rdev(wiphy);
17411 *wdev = NULL;
17412
17413 if (cb->args[1]) {
17414 list_for_each_entry(tmp, &wiphy->wdev_list, list) {
17415 if (tmp->identifier == cb->args[1] - 1) {
17416 *wdev = tmp;
17417 break;
17418 }
17419 }
17420 }
17421
17422 /* keep rtnl locked in successful case */
17423 return 0;
17424 }
17425
17426 attrbuf = kzalloc_objs(*attrbuf, NUM_NL80211_ATTR);
17427 if (!attrbuf)
17428 return -ENOMEM;
17429
17430 err = nlmsg_parse_deprecated(cb->nlh,
17431 GENL_HDRLEN + nl80211_fam.hdrsize,
17432 attrbuf, nl80211_fam.maxattr,
17433 nl80211_policy, NULL);
17434 if (err)
17435 goto out;
17436
17437 if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
17438 !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
17439 err = -EINVAL;
17440 goto out;
17441 }
17442
17443 *wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(skb->sk), attrbuf);
17444 if (IS_ERR(*wdev))
17445 *wdev = NULL;
17446
17447 *rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
17448 if (IS_ERR(*rdev)) {
17449 err = PTR_ERR(*rdev);
17450 goto out;
17451 }
17452
17453 vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
17454 subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
17455
17456 for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
17457 const struct wiphy_vendor_command *vcmd;
17458
17459 vcmd = &(*rdev)->wiphy.vendor_commands[i];
17460
17461 if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
17462 continue;
17463
17464 if (!vcmd->dumpit) {
17465 err = -EOPNOTSUPP;
17466 goto out;
17467 }
17468
17469 vcmd_idx = i;
17470 break;
17471 }
17472
17473 if (vcmd_idx < 0) {
17474 err = -EOPNOTSUPP;
17475 goto out;
17476 }
17477
17478 if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
17479 data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
17480 data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
17481
17482 err = nl80211_vendor_check_policy(
17483 &(*rdev)->wiphy.vendor_commands[vcmd_idx],
17484 attrbuf[NL80211_ATTR_VENDOR_DATA],
17485 cb->extack);
17486 if (err)
17487 goto out;
17488 }
17489
17490 /* 0 is the first index - add 1 to parse only once */
17491 cb->args[0] = (*rdev)->wiphy_idx + 1;
17492 /* add 1 to know if it was NULL */
17493 cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
17494 cb->args[2] = vcmd_idx;
17495 cb->args[3] = (unsigned long)data;
17496 cb->args[4] = data_len;
17497
17498 /* keep rtnl locked in successful case */
17499 err = 0;
17500 out:
17501 kfree(attrbuf);
17502 return err;
17503 }
17504
nl80211_vendor_cmd_dump(struct sk_buff * skb,struct netlink_callback * cb)17505 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
17506 struct netlink_callback *cb)
17507 {
17508 struct cfg80211_registered_device *rdev;
17509 struct wireless_dev *wdev;
17510 unsigned int vcmd_idx;
17511 const struct wiphy_vendor_command *vcmd;
17512 void *data;
17513 int data_len;
17514 int err;
17515 struct nlattr *vendor_data;
17516
17517 rtnl_lock();
17518 err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
17519 if (err)
17520 goto out;
17521
17522 vcmd_idx = cb->args[2];
17523 data = (void *)cb->args[3];
17524 data_len = cb->args[4];
17525 vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
17526
17527 if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
17528 WIPHY_VENDOR_CMD_NEED_NETDEV)) {
17529 if (!wdev) {
17530 err = -EINVAL;
17531 goto out;
17532 }
17533 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
17534 !wdev->netdev) {
17535 err = -EINVAL;
17536 goto out;
17537 }
17538
17539 if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
17540 if (!wdev_running(wdev)) {
17541 err = -ENETDOWN;
17542 goto out;
17543 }
17544 }
17545 }
17546
17547 while (1) {
17548 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
17549 cb->nlh->nlmsg_seq, NLM_F_MULTI,
17550 NL80211_CMD_VENDOR);
17551 if (!hdr)
17552 break;
17553
17554 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17555 (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
17556 wdev_id(wdev),
17557 NL80211_ATTR_PAD))) {
17558 genlmsg_cancel(skb, hdr);
17559 break;
17560 }
17561
17562 vendor_data = nla_nest_start_noflag(skb,
17563 NL80211_ATTR_VENDOR_DATA);
17564 if (!vendor_data) {
17565 genlmsg_cancel(skb, hdr);
17566 break;
17567 }
17568
17569 err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
17570 (unsigned long *)&cb->args[5]);
17571 nla_nest_end(skb, vendor_data);
17572
17573 if (err == -ENOBUFS || err == -ENOENT) {
17574 genlmsg_cancel(skb, hdr);
17575 break;
17576 } else if (err <= 0) {
17577 genlmsg_cancel(skb, hdr);
17578 goto out;
17579 }
17580
17581 genlmsg_end(skb, hdr);
17582 }
17583
17584 err = skb->len;
17585 out:
17586 rtnl_unlock();
17587 return err;
17588 }
17589
__cfg80211_alloc_reply_skb(struct wiphy * wiphy,enum nl80211_commands cmd,enum nl80211_attrs attr,int approxlen)17590 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
17591 enum nl80211_commands cmd,
17592 enum nl80211_attrs attr,
17593 int approxlen)
17594 {
17595 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17596
17597 if (WARN_ON(!rdev->cur_cmd_info))
17598 return NULL;
17599
17600 return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
17601 rdev->cur_cmd_info->snd_portid,
17602 rdev->cur_cmd_info->snd_seq,
17603 cmd, attr, NULL, GFP_KERNEL);
17604 }
17605 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
17606
cfg80211_vendor_cmd_reply(struct sk_buff * skb)17607 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
17608 {
17609 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
17610 void *hdr = ((void **)skb->cb)[1];
17611 struct nlattr *data = ((void **)skb->cb)[2];
17612
17613 /* clear CB data for netlink core to own from now on */
17614 memset(skb->cb, 0, sizeof(skb->cb));
17615
17616 if (WARN_ON(!rdev->cur_cmd_info)) {
17617 kfree_skb(skb);
17618 return -EINVAL;
17619 }
17620
17621 nla_nest_end(skb, data);
17622 genlmsg_end(skb, hdr);
17623 return genlmsg_reply(skb, rdev->cur_cmd_info);
17624 }
17625 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
17626
cfg80211_vendor_cmd_get_sender(struct wiphy * wiphy)17627 unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
17628 {
17629 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17630
17631 if (WARN_ON(!rdev->cur_cmd_info))
17632 return 0;
17633
17634 return rdev->cur_cmd_info->snd_portid;
17635 }
17636 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
17637
nl80211_set_qos_map(struct sk_buff * skb,struct genl_info * info)17638 static int nl80211_set_qos_map(struct sk_buff *skb,
17639 struct genl_info *info)
17640 {
17641 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17642 struct cfg80211_qos_map *qos_map = NULL;
17643 struct net_device *dev = info->user_ptr[1];
17644 u8 *pos, len, num_des, des_len, des;
17645 int ret;
17646
17647 if (!rdev->ops->set_qos_map)
17648 return -EOPNOTSUPP;
17649
17650 if (info->attrs[NL80211_ATTR_QOS_MAP]) {
17651 pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
17652 len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
17653
17654 if (len % 2)
17655 return -EINVAL;
17656
17657 qos_map = kzalloc_obj(struct cfg80211_qos_map);
17658 if (!qos_map)
17659 return -ENOMEM;
17660
17661 num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
17662 if (num_des) {
17663 des_len = num_des *
17664 sizeof(struct cfg80211_dscp_exception);
17665 memcpy(qos_map->dscp_exception, pos, des_len);
17666 qos_map->num_des = num_des;
17667 for (des = 0; des < num_des; des++) {
17668 if (qos_map->dscp_exception[des].up > 7) {
17669 kfree(qos_map);
17670 return -EINVAL;
17671 }
17672 }
17673 pos += des_len;
17674 }
17675 memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
17676 }
17677
17678 ret = nl80211_key_allowed(dev->ieee80211_ptr);
17679 if (!ret)
17680 ret = rdev_set_qos_map(rdev, dev, qos_map);
17681
17682 kfree(qos_map);
17683 return ret;
17684 }
17685
nl80211_add_tx_ts(struct sk_buff * skb,struct genl_info * info)17686 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
17687 {
17688 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17689 struct net_device *dev = info->user_ptr[1];
17690 struct wireless_dev *wdev = dev->ieee80211_ptr;
17691 const u8 *peer;
17692 u8 tsid, up;
17693 u16 admitted_time = 0;
17694
17695 if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
17696 return -EOPNOTSUPP;
17697
17698 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
17699 !info->attrs[NL80211_ATTR_USER_PRIO])
17700 return -EINVAL;
17701
17702 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
17703 up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
17704
17705 /* WMM uses TIDs 0-7 even for TSPEC */
17706 if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
17707 /* TODO: handle 802.11 TSPEC/admission control
17708 * need more attributes for that (e.g. BA session requirement);
17709 * change the WMM admission test above to allow both then
17710 */
17711 return -EINVAL;
17712 }
17713
17714 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
17715
17716 if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
17717 admitted_time =
17718 nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
17719 if (!admitted_time)
17720 return -EINVAL;
17721 }
17722
17723 switch (wdev->iftype) {
17724 case NL80211_IFTYPE_STATION:
17725 case NL80211_IFTYPE_P2P_CLIENT:
17726 if (wdev->connected)
17727 break;
17728 return -ENOTCONN;
17729 default:
17730 return -EOPNOTSUPP;
17731 }
17732
17733 return rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
17734 }
17735
nl80211_del_tx_ts(struct sk_buff * skb,struct genl_info * info)17736 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
17737 {
17738 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17739 struct net_device *dev = info->user_ptr[1];
17740 const u8 *peer;
17741 u8 tsid;
17742
17743 if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
17744 return -EINVAL;
17745
17746 tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
17747 peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
17748
17749 return rdev_del_tx_ts(rdev, dev, tsid, peer);
17750 }
17751
nl80211_tdls_channel_switch(struct sk_buff * skb,struct genl_info * info)17752 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
17753 struct genl_info *info)
17754 {
17755 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17756 struct net_device *dev = info->user_ptr[1];
17757 struct wireless_dev *wdev = dev->ieee80211_ptr;
17758 struct cfg80211_chan_def chandef = {};
17759 const u8 *addr;
17760 u8 oper_class;
17761 int err;
17762
17763 if (!rdev->ops->tdls_channel_switch ||
17764 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
17765 return -EOPNOTSUPP;
17766
17767 switch (dev->ieee80211_ptr->iftype) {
17768 case NL80211_IFTYPE_STATION:
17769 case NL80211_IFTYPE_P2P_CLIENT:
17770 break;
17771 default:
17772 return -EOPNOTSUPP;
17773 }
17774
17775 if (!info->attrs[NL80211_ATTR_MAC] ||
17776 !info->attrs[NL80211_ATTR_OPER_CLASS])
17777 return -EINVAL;
17778
17779 err = nl80211_parse_chandef(rdev, info->extack, info->attrs, &chandef);
17780 if (err)
17781 return err;
17782
17783 /*
17784 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
17785 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
17786 * specification is not defined for them.
17787 */
17788 if (chandef.chan->band == NL80211_BAND_2GHZ &&
17789 chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
17790 chandef.width != NL80211_CHAN_WIDTH_20)
17791 return -EINVAL;
17792
17793 /* we will be active on the TDLS link */
17794 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
17795 wdev->iftype))
17796 return -EINVAL;
17797
17798 /* don't allow switching to DFS channels */
17799 if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
17800 return -EINVAL;
17801
17802 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
17803 oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
17804
17805 return rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
17806 }
17807
nl80211_tdls_cancel_channel_switch(struct sk_buff * skb,struct genl_info * info)17808 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
17809 struct genl_info *info)
17810 {
17811 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17812 struct net_device *dev = info->user_ptr[1];
17813 const u8 *addr;
17814
17815 if (!rdev->ops->tdls_channel_switch ||
17816 !rdev->ops->tdls_cancel_channel_switch ||
17817 !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
17818 return -EOPNOTSUPP;
17819
17820 switch (dev->ieee80211_ptr->iftype) {
17821 case NL80211_IFTYPE_STATION:
17822 case NL80211_IFTYPE_P2P_CLIENT:
17823 break;
17824 default:
17825 return -EOPNOTSUPP;
17826 }
17827
17828 if (!info->attrs[NL80211_ATTR_MAC])
17829 return -EINVAL;
17830
17831 addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
17832
17833 rdev_tdls_cancel_channel_switch(rdev, dev, addr);
17834
17835 return 0;
17836 }
17837
nl80211_set_multicast_to_unicast(struct sk_buff * skb,struct genl_info * info)17838 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
17839 struct genl_info *info)
17840 {
17841 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17842 struct net_device *dev = info->user_ptr[1];
17843 struct wireless_dev *wdev = dev->ieee80211_ptr;
17844 const struct nlattr *nla;
17845 bool enabled;
17846
17847 if (!rdev->ops->set_multicast_to_unicast)
17848 return -EOPNOTSUPP;
17849
17850 if (wdev->iftype != NL80211_IFTYPE_AP &&
17851 wdev->iftype != NL80211_IFTYPE_P2P_GO)
17852 return -EOPNOTSUPP;
17853
17854 nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
17855 enabled = nla_get_flag(nla);
17856
17857 return rdev_set_multicast_to_unicast(rdev, dev, enabled);
17858 }
17859
nl80211_set_pmk(struct sk_buff * skb,struct genl_info * info)17860 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
17861 {
17862 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17863 struct net_device *dev = info->user_ptr[1];
17864 struct wireless_dev *wdev = dev->ieee80211_ptr;
17865 struct cfg80211_pmk_conf pmk_conf = {};
17866
17867 if (wdev->iftype != NL80211_IFTYPE_STATION &&
17868 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
17869 return -EOPNOTSUPP;
17870
17871 if (!wiphy_ext_feature_isset(&rdev->wiphy,
17872 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
17873 return -EOPNOTSUPP;
17874
17875 if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
17876 return -EINVAL;
17877
17878 if (!wdev->connected)
17879 return -ENOTCONN;
17880
17881 pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
17882 if (memcmp(pmk_conf.aa, wdev->u.client.connected_addr, ETH_ALEN))
17883 return -EINVAL;
17884
17885 pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
17886 pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
17887 if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
17888 pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192)
17889 return -EINVAL;
17890
17891 if (info->attrs[NL80211_ATTR_PMKR0_NAME])
17892 pmk_conf.pmk_r0_name =
17893 nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
17894
17895 return rdev_set_pmk(rdev, dev, &pmk_conf);
17896 }
17897
nl80211_del_pmk(struct sk_buff * skb,struct genl_info * info)17898 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
17899 {
17900 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17901 struct net_device *dev = info->user_ptr[1];
17902 struct wireless_dev *wdev = dev->ieee80211_ptr;
17903 const u8 *aa;
17904
17905 if (wdev->iftype != NL80211_IFTYPE_STATION &&
17906 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
17907 return -EOPNOTSUPP;
17908
17909 if (!wiphy_ext_feature_isset(&rdev->wiphy,
17910 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
17911 return -EOPNOTSUPP;
17912
17913 if (!info->attrs[NL80211_ATTR_MAC])
17914 return -EINVAL;
17915
17916 aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
17917 return rdev_del_pmk(rdev, dev, aa);
17918 }
17919
nl80211_external_auth(struct sk_buff * skb,struct genl_info * info)17920 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
17921 {
17922 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17923 struct net_device *dev = info->user_ptr[1];
17924 struct cfg80211_external_auth_params params;
17925
17926 if (!rdev->ops->external_auth)
17927 return -EOPNOTSUPP;
17928
17929 if (!info->attrs[NL80211_ATTR_SSID] &&
17930 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
17931 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
17932 return -EINVAL;
17933
17934 if (!info->attrs[NL80211_ATTR_BSSID])
17935 return -EINVAL;
17936
17937 if (!info->attrs[NL80211_ATTR_STATUS_CODE])
17938 return -EINVAL;
17939
17940 memset(¶ms, 0, sizeof(params));
17941
17942 if (info->attrs[NL80211_ATTR_SSID]) {
17943 params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
17944 if (params.ssid.ssid_len == 0)
17945 return -EINVAL;
17946 memcpy(params.ssid.ssid,
17947 nla_data(info->attrs[NL80211_ATTR_SSID]),
17948 params.ssid.ssid_len);
17949 }
17950
17951 memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
17952 ETH_ALEN);
17953
17954 params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
17955
17956 if (info->attrs[NL80211_ATTR_PMKID])
17957 params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
17958
17959 return rdev_external_auth(rdev, dev, ¶ms);
17960 }
17961
nl80211_tx_control_port(struct sk_buff * skb,struct genl_info * info)17962 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
17963 {
17964 bool dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
17965 struct cfg80211_registered_device *rdev = info->user_ptr[0];
17966 struct net_device *dev = info->user_ptr[1];
17967 struct wireless_dev *wdev = dev->ieee80211_ptr;
17968 const u8 *buf;
17969 size_t len;
17970 u8 *dest;
17971 u16 proto;
17972 bool noencrypt;
17973 u64 cookie = 0;
17974 int link_id;
17975 int err;
17976
17977 if (!wiphy_ext_feature_isset(&rdev->wiphy,
17978 NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
17979 return -EOPNOTSUPP;
17980
17981 if (!rdev->ops->tx_control_port)
17982 return -EOPNOTSUPP;
17983
17984 if (!info->attrs[NL80211_ATTR_FRAME] ||
17985 !info->attrs[NL80211_ATTR_MAC] ||
17986 !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
17987 GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
17988 return -EINVAL;
17989 }
17990
17991 switch (wdev->iftype) {
17992 case NL80211_IFTYPE_AP:
17993 case NL80211_IFTYPE_P2P_GO:
17994 case NL80211_IFTYPE_MESH_POINT:
17995 break;
17996 case NL80211_IFTYPE_ADHOC:
17997 if (wdev->u.ibss.current_bss)
17998 break;
17999 return -ENOTCONN;
18000 case NL80211_IFTYPE_STATION:
18001 case NL80211_IFTYPE_P2P_CLIENT:
18002 if (wdev->connected)
18003 break;
18004 return -ENOTCONN;
18005 default:
18006 return -EOPNOTSUPP;
18007 }
18008
18009 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
18010 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
18011 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
18012 proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
18013 noencrypt =
18014 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
18015
18016 link_id = nl80211_link_id_or_invalid(info->attrs);
18017
18018 err = rdev_tx_control_port(rdev, dev, buf, len,
18019 dest, cpu_to_be16(proto), noencrypt, link_id,
18020 dont_wait_for_ack ? NULL : &cookie);
18021 if (!err && !dont_wait_for_ack)
18022 nl_set_extack_cookie_u64(info->extack, cookie);
18023 return err;
18024 }
18025
nl80211_get_ftm_responder_stats(struct sk_buff * skb,struct genl_info * info)18026 static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
18027 struct genl_info *info)
18028 {
18029 struct cfg80211_registered_device *rdev = info->user_ptr[0];
18030 struct net_device *dev = info->user_ptr[1];
18031 struct wireless_dev *wdev = dev->ieee80211_ptr;
18032 struct cfg80211_ftm_responder_stats ftm_stats = {};
18033 unsigned int link_id = nl80211_link_id(info->attrs);
18034 struct sk_buff *msg;
18035 void *hdr;
18036 struct nlattr *ftm_stats_attr;
18037 int err;
18038
18039 if (wdev->iftype != NL80211_IFTYPE_AP ||
18040 !wdev->links[link_id].ap.beacon_interval)
18041 return -EOPNOTSUPP;
18042
18043 err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
18044 if (err)
18045 return err;
18046
18047 if (!ftm_stats.filled)
18048 return -ENODATA;
18049
18050 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
18051 if (!msg)
18052 return -ENOMEM;
18053
18054 hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
18055 NL80211_CMD_GET_FTM_RESPONDER_STATS);
18056 if (!hdr)
18057 goto nla_put_failure;
18058
18059 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
18060 goto nla_put_failure;
18061
18062 ftm_stats_attr = nla_nest_start_noflag(msg,
18063 NL80211_ATTR_FTM_RESPONDER_STATS);
18064 if (!ftm_stats_attr)
18065 goto nla_put_failure;
18066
18067 #define SET_FTM(field, name, type) \
18068 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
18069 nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name, \
18070 ftm_stats.field)) \
18071 goto nla_put_failure; } while (0)
18072 #define SET_FTM_U64(field, name) \
18073 do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
18074 nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name, \
18075 ftm_stats.field, NL80211_FTM_STATS_PAD)) \
18076 goto nla_put_failure; } while (0)
18077
18078 SET_FTM(success_num, SUCCESS_NUM, u32);
18079 SET_FTM(partial_num, PARTIAL_NUM, u32);
18080 SET_FTM(failed_num, FAILED_NUM, u32);
18081 SET_FTM(asap_num, ASAP_NUM, u32);
18082 SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
18083 SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
18084 SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
18085 SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
18086 SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
18087 #undef SET_FTM
18088
18089 nla_nest_end(msg, ftm_stats_attr);
18090
18091 genlmsg_end(msg, hdr);
18092 return genlmsg_reply(msg, info);
18093
18094 nla_put_failure:
18095 nlmsg_free(msg);
18096 return -ENOBUFS;
18097 }
18098
nl80211_update_owe_info(struct sk_buff * skb,struct genl_info * info)18099 static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
18100 {
18101 struct cfg80211_registered_device *rdev = info->user_ptr[0];
18102 struct cfg80211_update_owe_info owe_info;
18103 struct net_device *dev = info->user_ptr[1];
18104
18105 if (!rdev->ops->update_owe_info)
18106 return -EOPNOTSUPP;
18107
18108 if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
18109 !info->attrs[NL80211_ATTR_MAC])
18110 return -EINVAL;
18111
18112 memset(&owe_info, 0, sizeof(owe_info));
18113 owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
18114 nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
18115
18116 if (info->attrs[NL80211_ATTR_IE]) {
18117 owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
18118 owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
18119 }
18120
18121 return rdev_update_owe_info(rdev, dev, &owe_info);
18122 }
18123
nl80211_probe_mesh_link(struct sk_buff * skb,struct genl_info * info)18124 static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
18125 {
18126 struct cfg80211_registered_device *rdev = info->user_ptr[0];
18127 struct net_device *dev = info->user_ptr[1];
18128 struct wireless_dev *wdev = dev->ieee80211_ptr;
18129 struct station_info sinfo = {};
18130 const u8 *buf;
18131 size_t len;
18132 u8 *dest;
18133 int err;
18134
18135 if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
18136 return -EOPNOTSUPP;
18137
18138 if (!info->attrs[NL80211_ATTR_MAC] ||
18139 !info->attrs[NL80211_ATTR_FRAME]) {
18140 GENL_SET_ERR_MSG(info, "Frame or MAC missing");
18141 return -EINVAL;
18142 }
18143
18144 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
18145 return -EOPNOTSUPP;
18146
18147 dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
18148 buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
18149 len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
18150
18151 if (len < sizeof(struct ethhdr))
18152 return -EINVAL;
18153
18154 if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
18155 !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
18156 return -EINVAL;
18157
18158 err = rdev_get_station(rdev, wdev, dest, &sinfo);
18159 if (err)
18160 return err;
18161
18162 cfg80211_sinfo_release_content(&sinfo);
18163
18164 return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
18165 }
18166
parse_tid_conf(struct cfg80211_registered_device * rdev,struct nlattr * attrs[],struct net_device * dev,struct cfg80211_tid_cfg * tid_conf,struct genl_info * info,const u8 * peer,unsigned int link_id)18167 static int parse_tid_conf(struct cfg80211_registered_device *rdev,
18168 struct nlattr *attrs[], struct net_device *dev,
18169 struct cfg80211_tid_cfg *tid_conf,
18170 struct genl_info *info, const u8 *peer,
18171 unsigned int link_id)
18172 {
18173 struct netlink_ext_ack *extack = info->extack;
18174 u64 mask;
18175 int err;
18176
18177 if (!attrs[NL80211_TID_CONFIG_ATTR_TIDS])
18178 return -EINVAL;
18179
18180 tid_conf->config_override =
18181 nla_get_flag(attrs[NL80211_TID_CONFIG_ATTR_OVERRIDE]);
18182 tid_conf->tids = nla_get_u16(attrs[NL80211_TID_CONFIG_ATTR_TIDS]);
18183
18184 if (tid_conf->config_override) {
18185 if (rdev->ops->reset_tid_config) {
18186 err = rdev_reset_tid_config(rdev, dev, peer,
18187 tid_conf->tids);
18188 if (err)
18189 return err;
18190 } else {
18191 return -EINVAL;
18192 }
18193 }
18194
18195 if (attrs[NL80211_TID_CONFIG_ATTR_NOACK]) {
18196 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_NOACK);
18197 tid_conf->noack =
18198 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_NOACK]);
18199 }
18200
18201 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]) {
18202 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT);
18203 tid_conf->retry_short =
18204 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]);
18205
18206 if (tid_conf->retry_short > rdev->wiphy.max_data_retry_count)
18207 return -EINVAL;
18208 }
18209
18210 if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]) {
18211 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
18212 tid_conf->retry_long =
18213 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]);
18214
18215 if (tid_conf->retry_long > rdev->wiphy.max_data_retry_count)
18216 return -EINVAL;
18217 }
18218
18219 if (attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]) {
18220 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
18221 tid_conf->ampdu =
18222 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]);
18223 }
18224
18225 if (attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]) {
18226 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
18227 tid_conf->rtscts =
18228 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]);
18229 }
18230
18231 if (attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]) {
18232 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL);
18233 tid_conf->amsdu =
18234 nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]);
18235 }
18236
18237 if (attrs[NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE]) {
18238 u32 idx = NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE, attr;
18239
18240 tid_conf->txrate_type = nla_get_u8(attrs[idx]);
18241
18242 if (tid_conf->txrate_type != NL80211_TX_RATE_AUTOMATIC) {
18243 attr = NL80211_TID_CONFIG_ATTR_TX_RATE;
18244 err = nl80211_parse_tx_bitrate_mask(info, attrs, attr,
18245 &tid_conf->txrate_mask, dev,
18246 true, link_id);
18247 if (err)
18248 return err;
18249
18250 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE);
18251 }
18252 tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
18253 }
18254
18255 if (peer)
18256 mask = rdev->wiphy.tid_config_support.peer;
18257 else
18258 mask = rdev->wiphy.tid_config_support.vif;
18259
18260 if (tid_conf->mask & ~mask) {
18261 NL_SET_ERR_MSG(extack, "unsupported TID configuration");
18262 return -EOPNOTSUPP;
18263 }
18264
18265 return 0;
18266 }
18267
nl80211_set_tid_config(struct sk_buff * skb,struct genl_info * info)18268 static int nl80211_set_tid_config(struct sk_buff *skb,
18269 struct genl_info *info)
18270 {
18271 struct cfg80211_registered_device *rdev = info->user_ptr[0];
18272 struct nlattr *attrs[NL80211_TID_CONFIG_ATTR_MAX + 1];
18273 unsigned int link_id = nl80211_link_id(info->attrs);
18274 struct net_device *dev = info->user_ptr[1];
18275 struct cfg80211_tid_config *tid_config;
18276 struct nlattr *tid;
18277 int conf_idx = 0, rem_conf;
18278 int ret = -EINVAL;
18279 u32 num_conf = 0;
18280
18281 if (!info->attrs[NL80211_ATTR_TID_CONFIG])
18282 return -EINVAL;
18283
18284 if (!rdev->ops->set_tid_config)
18285 return -EOPNOTSUPP;
18286
18287 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
18288 rem_conf)
18289 num_conf++;
18290
18291 tid_config = kzalloc_flex(*tid_config, tid_conf, num_conf);
18292 if (!tid_config)
18293 return -ENOMEM;
18294
18295 tid_config->n_tid_conf = num_conf;
18296
18297 if (info->attrs[NL80211_ATTR_MAC])
18298 tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
18299
18300 nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
18301 rem_conf) {
18302 ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX,
18303 tid, NULL, NULL);
18304
18305 if (ret)
18306 goto bad_tid_conf;
18307
18308 ret = parse_tid_conf(rdev, attrs, dev,
18309 &tid_config->tid_conf[conf_idx],
18310 info, tid_config->peer, link_id);
18311 if (ret)
18312 goto bad_tid_conf;
18313
18314 conf_idx++;
18315 }
18316
18317 ret = rdev_set_tid_config(rdev, dev, tid_config);
18318
18319 bad_tid_conf:
18320 kfree(tid_config);
18321 return ret;
18322 }
18323
nl80211_color_change(struct sk_buff * skb,struct genl_info * info)18324 static int nl80211_color_change(struct sk_buff *skb, struct genl_info *info)
18325 {
18326 struct cfg80211_registered_device *rdev = info->user_ptr[0];
18327 struct cfg80211_color_change_settings params = {};
18328 struct net_device *dev = info->user_ptr[1];
18329 struct wireless_dev *wdev = dev->ieee80211_ptr;
18330 struct nlattr **tb;
18331 u16 offset;
18332 int err;
18333
18334 if (!rdev->ops->color_change)
18335 return -EOPNOTSUPP;
18336
18337 if (!wiphy_ext_feature_isset(&rdev->wiphy,
18338 NL80211_EXT_FEATURE_BSS_COLOR))
18339 return -EOPNOTSUPP;
18340
18341 if (wdev->iftype != NL80211_IFTYPE_AP)
18342 return -EOPNOTSUPP;
18343
18344 if (!info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT] ||
18345 !info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR] ||
18346 !info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS])
18347 return -EINVAL;
18348
18349 params.count = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT]);
18350 params.color = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR]);
18351
18352 err = nl80211_parse_beacon(rdev, info->attrs, ¶ms.beacon_next,
18353 info->extack);
18354 if (err)
18355 return err;
18356
18357 tb = kzalloc_objs(*tb, NL80211_ATTR_MAX + 1);
18358 if (!tb)
18359 return -ENOMEM;
18360
18361 err = nla_parse_nested(tb, NL80211_ATTR_MAX,
18362 info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS],
18363 nl80211_policy, info->extack);
18364 if (err)
18365 goto out;
18366
18367 err = nl80211_parse_beacon(rdev, tb, ¶ms.beacon_color_change,
18368 info->extack);
18369 if (err)
18370 goto out;
18371
18372 if (!tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
18373 err = -EINVAL;
18374 goto out;
18375 }
18376
18377 if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) != sizeof(u16)) {
18378 err = -EINVAL;
18379 goto out;
18380 }
18381
18382 offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
18383 if (offset >= params.beacon_color_change.tail_len) {
18384 err = -EINVAL;
18385 goto out;
18386 }
18387
18388 if (params.beacon_color_change.tail[offset] != params.count) {
18389 err = -EINVAL;
18390 goto out;
18391 }
18392
18393 params.counter_offset_beacon = offset;
18394
18395 if (tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) {
18396 if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) !=
18397 sizeof(u16)) {
18398 err = -EINVAL;
18399 goto out;
18400 }
18401
18402 offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
18403 if (offset >= params.beacon_color_change.probe_resp_len) {
18404 err = -EINVAL;
18405 goto out;
18406 }
18407
18408 if (params.beacon_color_change.probe_resp[offset] !=
18409 params.count) {
18410 err = -EINVAL;
18411 goto out;
18412 }
18413
18414 params.counter_offset_presp = offset;
18415 }
18416
18417 if (info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
18418 err = nl80211_parse_unsol_bcast_probe_resp(
18419 rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
18420 ¶ms.unsol_bcast_probe_resp);
18421 if (err)
18422 goto out;
18423 }
18424
18425 params.link_id = nl80211_link_id(info->attrs);
18426 err = rdev_color_change(rdev, dev, ¶ms);
18427
18428 out:
18429 kfree(params.beacon_next.mbssid_ies);
18430 kfree(params.beacon_color_change.mbssid_ies);
18431 kfree(params.beacon_next.rnr_ies);
18432 kfree(params.beacon_color_change.rnr_ies);
18433 kfree(tb);
18434 return err;
18435 }
18436
nl80211_set_fils_aad(struct sk_buff * skb,struct genl_info * info)18437 static int nl80211_set_fils_aad(struct sk_buff *skb,
18438 struct genl_info *info)
18439 {
18440 struct cfg80211_registered_device *rdev = info->user_ptr[0];
18441 struct net_device *dev = info->user_ptr[1];
18442 struct cfg80211_fils_aad fils_aad = {};
18443 u8 *nonces;
18444
18445 if (!info->attrs[NL80211_ATTR_MAC] ||
18446 !info->attrs[NL80211_ATTR_FILS_KEK] ||
18447 !info->attrs[NL80211_ATTR_FILS_NONCES])
18448 return -EINVAL;
18449
18450 fils_aad.macaddr = nla_data(info->attrs[NL80211_ATTR_MAC]);
18451 fils_aad.kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
18452 fils_aad.kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
18453 nonces = nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
18454 fils_aad.snonce = nonces;
18455 fils_aad.anonce = nonces + FILS_NONCE_LEN;
18456
18457 return rdev_set_fils_aad(rdev, dev, &fils_aad);
18458 }
18459
nl80211_add_link(struct sk_buff * skb,struct genl_info * info)18460 static int nl80211_add_link(struct sk_buff *skb, struct genl_info *info)
18461 {
18462 struct cfg80211_registered_device *rdev = info->user_ptr[0];
18463 unsigned int link_id = nl80211_link_id(info->attrs);
18464 struct net_device *dev = info->user_ptr[1];
18465 struct wireless_dev *wdev = dev->ieee80211_ptr;
18466 int ret;
18467
18468 if (!(wdev->wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO))
18469 return -EINVAL;
18470
18471 switch (wdev->iftype) {
18472 case NL80211_IFTYPE_AP:
18473 break;
18474 default:
18475 return -EINVAL;
18476 }
18477
18478 if (!info->attrs[NL80211_ATTR_MAC] ||
18479 !is_valid_ether_addr(nla_data(info->attrs[NL80211_ATTR_MAC])))
18480 return -EINVAL;
18481
18482 wdev->valid_links |= BIT(link_id);
18483 ether_addr_copy(wdev->links[link_id].addr,
18484 nla_data(info->attrs[NL80211_ATTR_MAC]));
18485
18486 ret = rdev_add_intf_link(rdev, wdev, link_id);
18487 if (ret) {
18488 wdev->valid_links &= ~BIT(link_id);
18489 eth_zero_addr(wdev->links[link_id].addr);
18490 }
18491
18492 return ret;
18493 }
18494
nl80211_remove_link(struct sk_buff * skb,struct genl_info * info)18495 static int nl80211_remove_link(struct sk_buff *skb, struct genl_info *info)
18496 {
18497 unsigned int link_id = nl80211_link_id(info->attrs);
18498 struct net_device *dev = info->user_ptr[1];
18499 struct wireless_dev *wdev = dev->ieee80211_ptr;
18500
18501 /* cannot remove if there's no link */
18502 if (!info->attrs[NL80211_ATTR_MLO_LINK_ID])
18503 return -EINVAL;
18504
18505 switch (wdev->iftype) {
18506 case NL80211_IFTYPE_AP:
18507 break;
18508 default:
18509 return -EINVAL;
18510 }
18511
18512 cfg80211_remove_link(wdev, link_id);
18513
18514 return 0;
18515 }
18516
18517 static int
nl80211_add_mod_link_station(struct sk_buff * skb,struct genl_info * info,bool add)18518 nl80211_add_mod_link_station(struct sk_buff *skb, struct genl_info *info,
18519 bool add)
18520 {
18521 struct link_station_parameters params = {};
18522 struct cfg80211_registered_device *rdev = info->user_ptr[0];
18523 struct net_device *dev = info->user_ptr[1];
18524 int err;
18525
18526 if ((add && !rdev->ops->add_link_station) ||
18527 (!add && !rdev->ops->mod_link_station))
18528 return -EOPNOTSUPP;
18529
18530 if (add && !info->attrs[NL80211_ATTR_MAC])
18531 return -EINVAL;
18532
18533 if (!info->attrs[NL80211_ATTR_MLD_ADDR])
18534 return -EINVAL;
18535
18536 if (add && !info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
18537 return -EINVAL;
18538
18539 params.mld_mac = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
18540
18541 if (info->attrs[NL80211_ATTR_MAC]) {
18542 params.link_mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
18543 if (!is_valid_ether_addr(params.link_mac))
18544 return -EINVAL;
18545 }
18546
18547 if (!info->attrs[NL80211_ATTR_MLO_LINK_ID])
18548 return -EINVAL;
18549
18550 params.link_id = nla_get_u8(info->attrs[NL80211_ATTR_MLO_LINK_ID]);
18551
18552 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
18553 params.supported_rates =
18554 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
18555 params.supported_rates_len =
18556 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
18557 }
18558
18559 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
18560 params.ht_capa =
18561 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
18562
18563 if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
18564 params.vht_capa =
18565 nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
18566
18567 if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
18568 params.he_capa =
18569 nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
18570 params.he_capa_len =
18571 nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
18572
18573 if (info->attrs[NL80211_ATTR_EHT_CAPABILITY]) {
18574 params.eht_capa =
18575 nla_data(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
18576 params.eht_capa_len =
18577 nla_len(info->attrs[NL80211_ATTR_EHT_CAPABILITY]);
18578
18579 if (!ieee80211_eht_capa_size_ok((const u8 *)params.he_capa,
18580 (const u8 *)params.eht_capa,
18581 params.eht_capa_len,
18582 false))
18583 return -EINVAL;
18584 }
18585 }
18586
18587 if (info->attrs[NL80211_ATTR_UHR_CAPABILITY]) {
18588 if (!params.eht_capa)
18589 return -EINVAL;
18590
18591 params.uhr_capa =
18592 nla_data(info->attrs[NL80211_ATTR_UHR_CAPABILITY]);
18593 params.uhr_capa_len =
18594 nla_len(info->attrs[NL80211_ATTR_UHR_CAPABILITY]);
18595 }
18596
18597 if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
18598 params.he_6ghz_capa =
18599 nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
18600
18601 if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
18602 params.opmode_notif_used = true;
18603 params.opmode_notif =
18604 nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
18605 }
18606
18607 err = nl80211_parse_sta_txpower_setting(info, ¶ms.txpwr,
18608 ¶ms.txpwr_set);
18609 if (err)
18610 return err;
18611
18612 if (add)
18613 return rdev_add_link_station(rdev, dev, ¶ms);
18614
18615 return rdev_mod_link_station(rdev, dev, ¶ms);
18616 }
18617
18618 static int
nl80211_add_link_station(struct sk_buff * skb,struct genl_info * info)18619 nl80211_add_link_station(struct sk_buff *skb, struct genl_info *info)
18620 {
18621 return nl80211_add_mod_link_station(skb, info, true);
18622 }
18623
18624 static int
nl80211_modify_link_station(struct sk_buff * skb,struct genl_info * info)18625 nl80211_modify_link_station(struct sk_buff *skb, struct genl_info *info)
18626 {
18627 return nl80211_add_mod_link_station(skb, info, false);
18628 }
18629
18630 static int
nl80211_remove_link_station(struct sk_buff * skb,struct genl_info * info)18631 nl80211_remove_link_station(struct sk_buff *skb, struct genl_info *info)
18632 {
18633 struct link_station_del_parameters params = {};
18634 struct cfg80211_registered_device *rdev = info->user_ptr[0];
18635 struct net_device *dev = info->user_ptr[1];
18636
18637 if (!rdev->ops->del_link_station)
18638 return -EOPNOTSUPP;
18639
18640 if (!info->attrs[NL80211_ATTR_MLD_ADDR] ||
18641 !info->attrs[NL80211_ATTR_MLO_LINK_ID])
18642 return -EINVAL;
18643
18644 params.mld_mac = nla_data(info->attrs[NL80211_ATTR_MLD_ADDR]);
18645 params.link_id = nla_get_u8(info->attrs[NL80211_ATTR_MLO_LINK_ID]);
18646
18647 return rdev_del_link_station(rdev, dev, ¶ms);
18648 }
18649
nl80211_set_hw_timestamp(struct sk_buff * skb,struct genl_info * info)18650 static int nl80211_set_hw_timestamp(struct sk_buff *skb,
18651 struct genl_info *info)
18652 {
18653 struct cfg80211_registered_device *rdev = info->user_ptr[0];
18654 struct net_device *dev = info->user_ptr[1];
18655 struct cfg80211_set_hw_timestamp hwts = {};
18656
18657 if (!rdev->wiphy.hw_timestamp_max_peers)
18658 return -EOPNOTSUPP;
18659
18660 if (!info->attrs[NL80211_ATTR_MAC] &&
18661 rdev->wiphy.hw_timestamp_max_peers != CFG80211_HW_TIMESTAMP_ALL_PEERS)
18662 return -EOPNOTSUPP;
18663
18664 if (info->attrs[NL80211_ATTR_MAC])
18665 hwts.macaddr = nla_data(info->attrs[NL80211_ATTR_MAC]);
18666
18667 hwts.enable =
18668 nla_get_flag(info->attrs[NL80211_ATTR_HW_TIMESTAMP_ENABLED]);
18669
18670 return rdev_set_hw_timestamp(rdev, dev, &hwts);
18671 }
18672
18673 static int
nl80211_set_ttlm(struct sk_buff * skb,struct genl_info * info)18674 nl80211_set_ttlm(struct sk_buff *skb, struct genl_info *info)
18675 {
18676 struct cfg80211_ttlm_params params = {};
18677 struct cfg80211_registered_device *rdev = info->user_ptr[0];
18678 struct net_device *dev = info->user_ptr[1];
18679 struct wireless_dev *wdev = dev->ieee80211_ptr;
18680
18681 if (wdev->iftype != NL80211_IFTYPE_STATION &&
18682 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
18683 return -EOPNOTSUPP;
18684
18685 if (!wdev->connected)
18686 return -ENOLINK;
18687
18688 if (!info->attrs[NL80211_ATTR_MLO_TTLM_DLINK] ||
18689 !info->attrs[NL80211_ATTR_MLO_TTLM_ULINK])
18690 return -EINVAL;
18691
18692 nla_memcpy(params.dlink,
18693 info->attrs[NL80211_ATTR_MLO_TTLM_DLINK],
18694 sizeof(params.dlink));
18695 nla_memcpy(params.ulink,
18696 info->attrs[NL80211_ATTR_MLO_TTLM_ULINK],
18697 sizeof(params.ulink));
18698
18699 return rdev_set_ttlm(rdev, dev, ¶ms);
18700 }
18701
nl80211_assoc_ml_reconf(struct sk_buff * skb,struct genl_info * info)18702 static int nl80211_assoc_ml_reconf(struct sk_buff *skb, struct genl_info *info)
18703 {
18704 struct cfg80211_registered_device *rdev = info->user_ptr[0];
18705 struct net_device *dev = info->user_ptr[1];
18706 struct wireless_dev *wdev = dev->ieee80211_ptr;
18707 struct cfg80211_ml_reconf_req req = {};
18708 unsigned int link_id;
18709 u16 add_links;
18710 int err;
18711
18712 if (!wdev->valid_links)
18713 return -EINVAL;
18714
18715 if (dev->ieee80211_ptr->conn_owner_nlportid &&
18716 dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
18717 return -EPERM;
18718
18719 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
18720 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
18721 return -EOPNOTSUPP;
18722
18723 add_links = 0;
18724 if (info->attrs[NL80211_ATTR_MLO_LINKS]) {
18725 err = nl80211_process_links(rdev, req.add_links,
18726 /* mark as MLO, but not assoc */
18727 IEEE80211_MLD_MAX_NUM_LINKS,
18728 NULL, 0, info);
18729 if (err)
18730 return err;
18731
18732 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS;
18733 link_id++) {
18734 if (!req.add_links[link_id].bss)
18735 continue;
18736 add_links |= BIT(link_id);
18737 }
18738 }
18739
18740 if (info->attrs[NL80211_ATTR_MLO_RECONF_REM_LINKS])
18741 req.rem_links =
18742 nla_get_u16(info->attrs[NL80211_ATTR_MLO_RECONF_REM_LINKS]);
18743
18744 /* Validate that existing links are not added, removed links are valid
18745 * and don't allow adding and removing the same links
18746 */
18747 if ((add_links & req.rem_links) || !(add_links | req.rem_links) ||
18748 (wdev->valid_links & add_links) ||
18749 ((wdev->valid_links & req.rem_links) != req.rem_links)) {
18750 err = -EINVAL;
18751 goto out;
18752 }
18753
18754 if (info->attrs[NL80211_ATTR_ASSOC_MLD_EXT_CAPA_OPS])
18755 req.ext_mld_capa_ops =
18756 nla_get_u16(info->attrs[NL80211_ATTR_ASSOC_MLD_EXT_CAPA_OPS]);
18757
18758 err = cfg80211_assoc_ml_reconf(rdev, dev, &req);
18759
18760 out:
18761 for (link_id = 0; link_id < ARRAY_SIZE(req.add_links); link_id++)
18762 cfg80211_put_bss(&rdev->wiphy, req.add_links[link_id].bss);
18763
18764 return err;
18765 }
18766
18767 static int
nl80211_epcs_cfg(struct sk_buff * skb,struct genl_info * info)18768 nl80211_epcs_cfg(struct sk_buff *skb, struct genl_info *info)
18769 {
18770 struct cfg80211_registered_device *rdev = info->user_ptr[0];
18771 struct net_device *dev = info->user_ptr[1];
18772 struct wireless_dev *wdev = dev->ieee80211_ptr;
18773 bool val;
18774
18775 if (wdev->iftype != NL80211_IFTYPE_STATION &&
18776 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
18777 return -EOPNOTSUPP;
18778
18779 if (!wdev->connected)
18780 return -ENOLINK;
18781
18782 val = nla_get_flag(info->attrs[NL80211_ATTR_EPCS]);
18783
18784 return rdev_set_epcs(rdev, dev, val);
18785 }
18786
18787 #define NL80211_FLAG_NEED_WIPHY 0x01
18788 #define NL80211_FLAG_NEED_NETDEV 0x02
18789 #define NL80211_FLAG_NEED_RTNL 0x04
18790 #define NL80211_FLAG_CHECK_NETDEV_UP 0x08
18791 #define NL80211_FLAG_NEED_NETDEV_UP (NL80211_FLAG_NEED_NETDEV |\
18792 NL80211_FLAG_CHECK_NETDEV_UP)
18793 #define NL80211_FLAG_NEED_WDEV 0x10
18794 /* If a netdev is associated, it must be UP, P2P must be started */
18795 #define NL80211_FLAG_NEED_WDEV_UP (NL80211_FLAG_NEED_WDEV |\
18796 NL80211_FLAG_CHECK_NETDEV_UP)
18797 #define NL80211_FLAG_CLEAR_SKB 0x20
18798 #define NL80211_FLAG_NO_WIPHY_MTX 0x40
18799 #define NL80211_FLAG_MLO_VALID_LINK_ID 0x80
18800 #define NL80211_FLAG_MLO_UNSUPPORTED 0x100
18801
18802 #define INTERNAL_FLAG_SELECTORS(__sel) \
18803 SELECTOR(__sel, NONE, 0) /* must be first */ \
18804 SELECTOR(__sel, WIPHY, \
18805 NL80211_FLAG_NEED_WIPHY) \
18806 SELECTOR(__sel, WDEV, \
18807 NL80211_FLAG_NEED_WDEV) \
18808 SELECTOR(__sel, NETDEV, \
18809 NL80211_FLAG_NEED_NETDEV) \
18810 SELECTOR(__sel, NETDEV_LINK, \
18811 NL80211_FLAG_NEED_NETDEV | \
18812 NL80211_FLAG_MLO_VALID_LINK_ID) \
18813 SELECTOR(__sel, NETDEV_NO_MLO, \
18814 NL80211_FLAG_NEED_NETDEV | \
18815 NL80211_FLAG_MLO_UNSUPPORTED) \
18816 SELECTOR(__sel, WIPHY_RTNL, \
18817 NL80211_FLAG_NEED_WIPHY | \
18818 NL80211_FLAG_NEED_RTNL) \
18819 SELECTOR(__sel, WIPHY_RTNL_NOMTX, \
18820 NL80211_FLAG_NEED_WIPHY | \
18821 NL80211_FLAG_NEED_RTNL | \
18822 NL80211_FLAG_NO_WIPHY_MTX) \
18823 SELECTOR(__sel, WDEV_RTNL, \
18824 NL80211_FLAG_NEED_WDEV | \
18825 NL80211_FLAG_NEED_RTNL) \
18826 SELECTOR(__sel, NETDEV_RTNL, \
18827 NL80211_FLAG_NEED_NETDEV | \
18828 NL80211_FLAG_NEED_RTNL) \
18829 SELECTOR(__sel, NETDEV_UP, \
18830 NL80211_FLAG_NEED_NETDEV_UP) \
18831 SELECTOR(__sel, NETDEV_UP_LINK, \
18832 NL80211_FLAG_NEED_NETDEV_UP | \
18833 NL80211_FLAG_MLO_VALID_LINK_ID) \
18834 SELECTOR(__sel, NETDEV_UP_NO_MLO, \
18835 NL80211_FLAG_NEED_NETDEV_UP | \
18836 NL80211_FLAG_MLO_UNSUPPORTED) \
18837 SELECTOR(__sel, NETDEV_UP_NO_MLO_CLEAR, \
18838 NL80211_FLAG_NEED_NETDEV_UP | \
18839 NL80211_FLAG_CLEAR_SKB | \
18840 NL80211_FLAG_MLO_UNSUPPORTED) \
18841 SELECTOR(__sel, NETDEV_UP_NOTMX, \
18842 NL80211_FLAG_NEED_NETDEV_UP | \
18843 NL80211_FLAG_NO_WIPHY_MTX) \
18844 SELECTOR(__sel, NETDEV_UP_NOTMX_MLO, \
18845 NL80211_FLAG_NEED_NETDEV_UP | \
18846 NL80211_FLAG_NO_WIPHY_MTX | \
18847 NL80211_FLAG_MLO_VALID_LINK_ID) \
18848 SELECTOR(__sel, NETDEV_UP_CLEAR, \
18849 NL80211_FLAG_NEED_NETDEV_UP | \
18850 NL80211_FLAG_CLEAR_SKB) \
18851 SELECTOR(__sel, WDEV_UP, \
18852 NL80211_FLAG_NEED_WDEV_UP) \
18853 SELECTOR(__sel, WDEV_UP_CLEAR, \
18854 NL80211_FLAG_NEED_WDEV_UP | \
18855 NL80211_FLAG_CLEAR_SKB) \
18856 SELECTOR(__sel, WDEV_UP_LINK, \
18857 NL80211_FLAG_NEED_WDEV_UP | \
18858 NL80211_FLAG_MLO_VALID_LINK_ID) \
18859 SELECTOR(__sel, WDEV_UP_RTNL, \
18860 NL80211_FLAG_NEED_WDEV_UP | \
18861 NL80211_FLAG_NEED_RTNL) \
18862 SELECTOR(__sel, WIPHY_CLEAR, \
18863 NL80211_FLAG_NEED_WIPHY | \
18864 NL80211_FLAG_CLEAR_SKB) \
18865 SELECTOR(__sel, WDEV_UP_RTNL_NOMTX, \
18866 NL80211_FLAG_NEED_WDEV_UP | \
18867 NL80211_FLAG_NO_WIPHY_MTX | \
18868 NL80211_FLAG_NEED_RTNL)
18869
18870 enum nl80211_internal_flags_selector {
18871 #define SELECTOR(_, name, value) NL80211_IFL_SEL_##name,
18872 INTERNAL_FLAG_SELECTORS(_)
18873 #undef SELECTOR
18874 };
18875
18876 static u32 nl80211_internal_flags[] = {
18877 #define SELECTOR(_, name, value) [NL80211_IFL_SEL_##name] = value,
18878 INTERNAL_FLAG_SELECTORS(_)
18879 #undef SELECTOR
18880 };
18881
nl80211_pre_doit(const struct genl_split_ops * ops,struct sk_buff * skb,struct genl_info * info)18882 static int nl80211_pre_doit(const struct genl_split_ops *ops,
18883 struct sk_buff *skb,
18884 struct genl_info *info)
18885 {
18886 struct cfg80211_registered_device *rdev = NULL;
18887 struct wireless_dev *wdev = NULL;
18888 struct net_device *dev = NULL;
18889 u32 internal_flags;
18890 int err;
18891
18892 if (WARN_ON(ops->internal_flags >= ARRAY_SIZE(nl80211_internal_flags)))
18893 return -EINVAL;
18894
18895 internal_flags = nl80211_internal_flags[ops->internal_flags];
18896
18897 rtnl_lock();
18898 if (internal_flags & NL80211_FLAG_NEED_WIPHY) {
18899 rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
18900 if (IS_ERR(rdev)) {
18901 err = PTR_ERR(rdev);
18902 goto out_unlock;
18903 }
18904 info->user_ptr[0] = rdev;
18905 } else if (internal_flags & NL80211_FLAG_NEED_NETDEV ||
18906 internal_flags & NL80211_FLAG_NEED_WDEV) {
18907 wdev = __cfg80211_wdev_from_attrs(NULL, genl_info_net(info),
18908 info->attrs);
18909 if (IS_ERR(wdev)) {
18910 err = PTR_ERR(wdev);
18911 goto out_unlock;
18912 }
18913
18914 dev = wdev->netdev;
18915 dev_hold(dev);
18916 rdev = wiphy_to_rdev(wdev->wiphy);
18917
18918 if (internal_flags & NL80211_FLAG_NEED_NETDEV) {
18919 if (!dev) {
18920 err = -EINVAL;
18921 goto out_unlock;
18922 }
18923
18924 info->user_ptr[1] = dev;
18925 } else {
18926 info->user_ptr[1] = wdev;
18927 }
18928
18929 if (internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
18930 !wdev_running(wdev)) {
18931 err = -ENETDOWN;
18932 goto out_unlock;
18933 }
18934
18935 info->user_ptr[0] = rdev;
18936 }
18937
18938 if (internal_flags & NL80211_FLAG_MLO_VALID_LINK_ID) {
18939 struct nlattr *link_id = info->attrs[NL80211_ATTR_MLO_LINK_ID];
18940
18941 if (!wdev) {
18942 err = -EINVAL;
18943 goto out_unlock;
18944 }
18945
18946 /* MLO -> require valid link ID */
18947 if (wdev->valid_links &&
18948 (!link_id ||
18949 !(wdev->valid_links & BIT(nla_get_u8(link_id))))) {
18950 err = -EINVAL;
18951 goto out_unlock;
18952 }
18953
18954 /* non-MLO -> no link ID attribute accepted */
18955 if (!wdev->valid_links && link_id) {
18956 err = -EINVAL;
18957 goto out_unlock;
18958 }
18959 }
18960
18961 if (internal_flags & NL80211_FLAG_MLO_UNSUPPORTED) {
18962 if (info->attrs[NL80211_ATTR_MLO_LINK_ID] ||
18963 (wdev && wdev->valid_links)) {
18964 err = -EINVAL;
18965 goto out_unlock;
18966 }
18967 }
18968
18969 if (rdev && !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
18970 wiphy_lock(&rdev->wiphy);
18971 /* we keep the mutex locked until post_doit */
18972 __release(&rdev->wiphy.mtx);
18973 }
18974 if (!(internal_flags & NL80211_FLAG_NEED_RTNL))
18975 rtnl_unlock();
18976
18977 return 0;
18978 out_unlock:
18979 rtnl_unlock();
18980 dev_put(dev);
18981 return err;
18982 }
18983
nl80211_post_doit(const struct genl_split_ops * ops,struct sk_buff * skb,struct genl_info * info)18984 static void nl80211_post_doit(const struct genl_split_ops *ops,
18985 struct sk_buff *skb,
18986 struct genl_info *info)
18987 {
18988 u32 internal_flags = nl80211_internal_flags[ops->internal_flags];
18989
18990 if (info->user_ptr[1]) {
18991 if (internal_flags & NL80211_FLAG_NEED_WDEV) {
18992 struct wireless_dev *wdev = info->user_ptr[1];
18993
18994 dev_put(wdev->netdev);
18995 } else {
18996 dev_put(info->user_ptr[1]);
18997 }
18998 }
18999
19000 if (info->user_ptr[0] &&
19001 !(internal_flags & NL80211_FLAG_NO_WIPHY_MTX)) {
19002 struct cfg80211_registered_device *rdev = info->user_ptr[0];
19003
19004 /* we kept the mutex locked since pre_doit */
19005 __acquire(&rdev->wiphy.mtx);
19006 wiphy_unlock(&rdev->wiphy);
19007 }
19008
19009 if (internal_flags & NL80211_FLAG_NEED_RTNL)
19010 rtnl_unlock();
19011
19012 /* If needed, clear the netlink message payload from the SKB
19013 * as it might contain key data that shouldn't stick around on
19014 * the heap after the SKB is freed. The netlink message header
19015 * is still needed for further processing, so leave it intact.
19016 */
19017 if (internal_flags & NL80211_FLAG_CLEAR_SKB) {
19018 struct nlmsghdr *nlh = nlmsg_hdr(skb);
19019
19020 memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
19021 }
19022 }
19023
nl80211_set_sar_sub_specs(struct cfg80211_registered_device * rdev,struct cfg80211_sar_specs * sar_specs,struct nlattr * spec[],int index)19024 static int nl80211_set_sar_sub_specs(struct cfg80211_registered_device *rdev,
19025 struct cfg80211_sar_specs *sar_specs,
19026 struct nlattr *spec[], int index)
19027 {
19028 u32 range_index, i;
19029
19030 if (!sar_specs || !spec)
19031 return -EINVAL;
19032
19033 if (!spec[NL80211_SAR_ATTR_SPECS_POWER] ||
19034 !spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX])
19035 return -EINVAL;
19036
19037 range_index = nla_get_u32(spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX]);
19038
19039 /* check if range_index exceeds num_freq_ranges */
19040 if (range_index >= rdev->wiphy.sar_capa->num_freq_ranges)
19041 return -EINVAL;
19042
19043 /* check if range_index duplicates */
19044 for (i = 0; i < index; i++) {
19045 if (sar_specs->sub_specs[i].freq_range_index == range_index)
19046 return -EINVAL;
19047 }
19048
19049 sar_specs->sub_specs[index].power =
19050 nla_get_s32(spec[NL80211_SAR_ATTR_SPECS_POWER]);
19051
19052 sar_specs->sub_specs[index].freq_range_index = range_index;
19053
19054 return 0;
19055 }
19056
nl80211_set_sar_specs(struct sk_buff * skb,struct genl_info * info)19057 static int nl80211_set_sar_specs(struct sk_buff *skb, struct genl_info *info)
19058 {
19059 struct cfg80211_registered_device *rdev = info->user_ptr[0];
19060 struct nlattr *spec[NL80211_SAR_ATTR_SPECS_MAX + 1];
19061 struct nlattr *tb[NL80211_SAR_ATTR_MAX + 1];
19062 struct cfg80211_sar_specs *sar_spec;
19063 enum nl80211_sar_type type;
19064 struct nlattr *spec_list;
19065 u32 specs;
19066 int rem, err;
19067
19068 if (!rdev->wiphy.sar_capa || !rdev->ops->set_sar_specs)
19069 return -EOPNOTSUPP;
19070
19071 if (!info->attrs[NL80211_ATTR_SAR_SPEC])
19072 return -EINVAL;
19073
19074 nla_parse_nested(tb, NL80211_SAR_ATTR_MAX,
19075 info->attrs[NL80211_ATTR_SAR_SPEC],
19076 NULL, NULL);
19077
19078 if (!tb[NL80211_SAR_ATTR_TYPE] || !tb[NL80211_SAR_ATTR_SPECS])
19079 return -EINVAL;
19080
19081 type = nla_get_u32(tb[NL80211_SAR_ATTR_TYPE]);
19082 if (type != rdev->wiphy.sar_capa->type)
19083 return -EINVAL;
19084
19085 specs = 0;
19086 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem)
19087 specs++;
19088
19089 if (specs > rdev->wiphy.sar_capa->num_freq_ranges)
19090 return -EINVAL;
19091
19092 sar_spec = kzalloc_flex(*sar_spec, sub_specs, specs);
19093 if (!sar_spec)
19094 return -ENOMEM;
19095
19096 sar_spec->num_sub_specs = specs;
19097 sar_spec->type = type;
19098 specs = 0;
19099 nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem) {
19100 nla_parse_nested(spec, NL80211_SAR_ATTR_SPECS_MAX,
19101 spec_list, NULL, NULL);
19102
19103 switch (type) {
19104 case NL80211_SAR_TYPE_POWER:
19105 if (nl80211_set_sar_sub_specs(rdev, sar_spec,
19106 spec, specs)) {
19107 err = -EINVAL;
19108 goto error;
19109 }
19110 break;
19111 default:
19112 err = -EINVAL;
19113 goto error;
19114 }
19115 specs++;
19116 }
19117
19118 sar_spec->num_sub_specs = specs;
19119
19120 rdev->cur_cmd_info = info;
19121 err = rdev_set_sar_specs(rdev, sar_spec);
19122 rdev->cur_cmd_info = NULL;
19123 error:
19124 kfree(sar_spec);
19125 return err;
19126 }
19127
19128 #define SELECTOR(__sel, name, value) \
19129 ((__sel) == (value)) ? NL80211_IFL_SEL_##name :
19130 int __missing_selector(void);
19131 #define IFLAGS(__val) INTERNAL_FLAG_SELECTORS(__val) __missing_selector()
19132
19133 static const struct genl_ops nl80211_ops[] = {
19134 {
19135 .cmd = NL80211_CMD_GET_WIPHY,
19136 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19137 .doit = nl80211_get_wiphy,
19138 .dumpit = nl80211_dump_wiphy,
19139 .done = nl80211_dump_wiphy_done,
19140 /* can be retrieved by unprivileged users */
19141 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
19142 },
19143 };
19144
19145 static const struct genl_small_ops nl80211_small_ops[] = {
19146 {
19147 .cmd = NL80211_CMD_SET_WIPHY,
19148 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19149 .doit = nl80211_set_wiphy,
19150 .flags = GENL_UNS_ADMIN_PERM,
19151 },
19152 {
19153 .cmd = NL80211_CMD_GET_INTERFACE,
19154 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19155 .doit = nl80211_get_interface,
19156 .dumpit = nl80211_dump_interface,
19157 /* can be retrieved by unprivileged users */
19158 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV),
19159 },
19160 {
19161 .cmd = NL80211_CMD_SET_INTERFACE,
19162 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19163 .doit = nl80211_set_interface,
19164 .flags = GENL_UNS_ADMIN_PERM,
19165 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
19166 NL80211_FLAG_NEED_RTNL),
19167 },
19168 {
19169 .cmd = NL80211_CMD_NEW_INTERFACE,
19170 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19171 .doit = nl80211_new_interface,
19172 .flags = GENL_UNS_ADMIN_PERM,
19173 .internal_flags =
19174 IFLAGS(NL80211_FLAG_NEED_WIPHY |
19175 NL80211_FLAG_NEED_RTNL |
19176 /* we take the wiphy mutex later ourselves */
19177 NL80211_FLAG_NO_WIPHY_MTX),
19178 },
19179 {
19180 .cmd = NL80211_CMD_DEL_INTERFACE,
19181 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19182 .doit = nl80211_del_interface,
19183 .flags = GENL_UNS_ADMIN_PERM,
19184 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
19185 NL80211_FLAG_NEED_RTNL),
19186 },
19187 {
19188 .cmd = NL80211_CMD_GET_KEY,
19189 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19190 .doit = nl80211_get_key,
19191 .flags = GENL_UNS_ADMIN_PERM,
19192 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19193 },
19194 {
19195 .cmd = NL80211_CMD_SET_KEY,
19196 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19197 .doit = nl80211_set_key,
19198 .flags = GENL_UNS_ADMIN_PERM,
19199 /* cannot use NL80211_FLAG_MLO_VALID_LINK_ID, depends on key */
19200 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
19201 NL80211_FLAG_CLEAR_SKB),
19202 },
19203 {
19204 .cmd = NL80211_CMD_NEW_KEY,
19205 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19206 .doit = nl80211_new_key,
19207 .flags = GENL_UNS_ADMIN_PERM,
19208 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
19209 NL80211_FLAG_CLEAR_SKB),
19210 },
19211 {
19212 .cmd = NL80211_CMD_DEL_KEY,
19213 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19214 .doit = nl80211_del_key,
19215 .flags = GENL_UNS_ADMIN_PERM,
19216 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19217 },
19218 {
19219 .cmd = NL80211_CMD_SET_BEACON,
19220 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19221 .flags = GENL_UNS_ADMIN_PERM,
19222 .doit = nl80211_set_beacon,
19223 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19224 NL80211_FLAG_MLO_VALID_LINK_ID),
19225 },
19226 {
19227 .cmd = NL80211_CMD_START_AP,
19228 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19229 .flags = GENL_UNS_ADMIN_PERM,
19230 .doit = nl80211_start_ap,
19231 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19232 NL80211_FLAG_MLO_VALID_LINK_ID),
19233 },
19234 {
19235 .cmd = NL80211_CMD_STOP_AP,
19236 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19237 .flags = GENL_UNS_ADMIN_PERM,
19238 .doit = nl80211_stop_ap,
19239 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19240 NL80211_FLAG_MLO_VALID_LINK_ID),
19241 },
19242 {
19243 .cmd = NL80211_CMD_GET_STATION,
19244 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19245 .doit = nl80211_get_station,
19246 .dumpit = nl80211_dump_station,
19247 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV),
19248 },
19249 {
19250 .cmd = NL80211_CMD_SET_STATION,
19251 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19252 .doit = nl80211_set_station,
19253 .flags = GENL_UNS_ADMIN_PERM,
19254 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19255 },
19256 {
19257 .cmd = NL80211_CMD_NEW_STATION,
19258 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19259 .doit = nl80211_new_station,
19260 .flags = GENL_UNS_ADMIN_PERM,
19261 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19262 },
19263 {
19264 .cmd = NL80211_CMD_DEL_STATION,
19265 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19266 .doit = nl80211_del_station,
19267 .flags = GENL_UNS_ADMIN_PERM,
19268 /* cannot use NL80211_FLAG_MLO_VALID_LINK_ID, depends on
19269 * whether MAC address is passed or not. If MAC address is
19270 * passed, then even during MLO, link ID is not required.
19271 */
19272 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19273 },
19274 {
19275 .cmd = NL80211_CMD_GET_MPATH,
19276 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19277 .doit = nl80211_get_mpath,
19278 .dumpit = nl80211_dump_mpath,
19279 .flags = GENL_UNS_ADMIN_PERM,
19280 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19281 },
19282 {
19283 .cmd = NL80211_CMD_GET_MPP,
19284 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19285 .doit = nl80211_get_mpp,
19286 .dumpit = nl80211_dump_mpp,
19287 .flags = GENL_UNS_ADMIN_PERM,
19288 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19289 },
19290 {
19291 .cmd = NL80211_CMD_SET_MPATH,
19292 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19293 .doit = nl80211_set_mpath,
19294 .flags = GENL_UNS_ADMIN_PERM,
19295 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19296 },
19297 {
19298 .cmd = NL80211_CMD_NEW_MPATH,
19299 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19300 .doit = nl80211_new_mpath,
19301 .flags = GENL_UNS_ADMIN_PERM,
19302 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19303 },
19304 {
19305 .cmd = NL80211_CMD_DEL_MPATH,
19306 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19307 .doit = nl80211_del_mpath,
19308 .flags = GENL_UNS_ADMIN_PERM,
19309 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19310 },
19311 {
19312 .cmd = NL80211_CMD_SET_BSS,
19313 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19314 .doit = nl80211_set_bss,
19315 .flags = GENL_UNS_ADMIN_PERM,
19316 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19317 NL80211_FLAG_MLO_VALID_LINK_ID),
19318 },
19319 {
19320 .cmd = NL80211_CMD_GET_REG,
19321 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19322 .doit = nl80211_get_reg_do,
19323 .dumpit = nl80211_get_reg_dump,
19324 /* can be retrieved by unprivileged users */
19325 },
19326 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
19327 {
19328 .cmd = NL80211_CMD_SET_REG,
19329 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19330 .doit = nl80211_set_reg,
19331 .flags = GENL_ADMIN_PERM,
19332 },
19333 #endif
19334 {
19335 .cmd = NL80211_CMD_REQ_SET_REG,
19336 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19337 .doit = nl80211_req_set_reg,
19338 .flags = GENL_ADMIN_PERM,
19339 },
19340 {
19341 .cmd = NL80211_CMD_RELOAD_REGDB,
19342 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19343 .doit = nl80211_reload_regdb,
19344 .flags = GENL_ADMIN_PERM,
19345 },
19346 {
19347 .cmd = NL80211_CMD_GET_MESH_CONFIG,
19348 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19349 .doit = nl80211_get_mesh_config,
19350 /* can be retrieved by unprivileged users */
19351 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19352 },
19353 {
19354 .cmd = NL80211_CMD_SET_MESH_CONFIG,
19355 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19356 .doit = nl80211_update_mesh_config,
19357 .flags = GENL_UNS_ADMIN_PERM,
19358 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19359 },
19360 {
19361 .cmd = NL80211_CMD_TRIGGER_SCAN,
19362 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19363 .doit = nl80211_trigger_scan,
19364 .flags = GENL_UNS_ADMIN_PERM,
19365 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19366 },
19367 {
19368 .cmd = NL80211_CMD_ABORT_SCAN,
19369 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19370 .doit = nl80211_abort_scan,
19371 .flags = GENL_UNS_ADMIN_PERM,
19372 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19373 },
19374 {
19375 .cmd = NL80211_CMD_GET_SCAN,
19376 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19377 .dumpit = nl80211_dump_scan,
19378 },
19379 {
19380 .cmd = NL80211_CMD_START_SCHED_SCAN,
19381 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19382 .doit = nl80211_start_sched_scan,
19383 .flags = GENL_UNS_ADMIN_PERM,
19384 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19385 },
19386 {
19387 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
19388 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19389 .doit = nl80211_stop_sched_scan,
19390 .flags = GENL_UNS_ADMIN_PERM,
19391 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19392 },
19393 {
19394 .cmd = NL80211_CMD_AUTHENTICATE,
19395 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19396 .doit = nl80211_authenticate,
19397 .flags = GENL_UNS_ADMIN_PERM,
19398 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19399 NL80211_FLAG_CLEAR_SKB),
19400 },
19401 {
19402 .cmd = NL80211_CMD_ASSOCIATE,
19403 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19404 .doit = nl80211_associate,
19405 .flags = GENL_UNS_ADMIN_PERM,
19406 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19407 NL80211_FLAG_CLEAR_SKB),
19408 },
19409 {
19410 .cmd = NL80211_CMD_DEAUTHENTICATE,
19411 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19412 .doit = nl80211_deauthenticate,
19413 .flags = GENL_UNS_ADMIN_PERM,
19414 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19415 },
19416 {
19417 .cmd = NL80211_CMD_DISASSOCIATE,
19418 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19419 .doit = nl80211_disassociate,
19420 .flags = GENL_UNS_ADMIN_PERM,
19421 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19422 },
19423 {
19424 .cmd = NL80211_CMD_JOIN_IBSS,
19425 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19426 .doit = nl80211_join_ibss,
19427 .flags = GENL_UNS_ADMIN_PERM,
19428 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19429 },
19430 {
19431 .cmd = NL80211_CMD_LEAVE_IBSS,
19432 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19433 .doit = nl80211_leave_ibss,
19434 .flags = GENL_UNS_ADMIN_PERM,
19435 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19436 },
19437 #ifdef CONFIG_NL80211_TESTMODE
19438 {
19439 .cmd = NL80211_CMD_TESTMODE,
19440 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19441 .doit = nl80211_testmode_do,
19442 .dumpit = nl80211_testmode_dump,
19443 .flags = GENL_UNS_ADMIN_PERM,
19444 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
19445 },
19446 #endif
19447 {
19448 .cmd = NL80211_CMD_CONNECT,
19449 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19450 .doit = nl80211_connect,
19451 .flags = GENL_UNS_ADMIN_PERM,
19452 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19453 NL80211_FLAG_CLEAR_SKB),
19454 },
19455 {
19456 .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
19457 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19458 .doit = nl80211_update_connect_params,
19459 .flags = GENL_ADMIN_PERM,
19460 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19461 NL80211_FLAG_CLEAR_SKB),
19462 },
19463 {
19464 .cmd = NL80211_CMD_DISCONNECT,
19465 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19466 .doit = nl80211_disconnect,
19467 .flags = GENL_UNS_ADMIN_PERM,
19468 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19469 },
19470 {
19471 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
19472 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19473 .doit = nl80211_wiphy_netns,
19474 .flags = GENL_UNS_ADMIN_PERM,
19475 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
19476 NL80211_FLAG_NEED_RTNL |
19477 NL80211_FLAG_NO_WIPHY_MTX),
19478 },
19479 {
19480 .cmd = NL80211_CMD_GET_SURVEY,
19481 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19482 .dumpit = nl80211_dump_survey,
19483 },
19484 {
19485 .cmd = NL80211_CMD_SET_PMKSA,
19486 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19487 .doit = nl80211_set_pmksa,
19488 .flags = GENL_UNS_ADMIN_PERM,
19489 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19490 NL80211_FLAG_CLEAR_SKB),
19491 },
19492 {
19493 .cmd = NL80211_CMD_DEL_PMKSA,
19494 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19495 .doit = nl80211_del_pmksa,
19496 .flags = GENL_UNS_ADMIN_PERM,
19497 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19498 },
19499 {
19500 .cmd = NL80211_CMD_FLUSH_PMKSA,
19501 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19502 .doit = nl80211_flush_pmksa,
19503 .flags = GENL_UNS_ADMIN_PERM,
19504 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19505 },
19506 {
19507 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
19508 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19509 .doit = nl80211_remain_on_channel,
19510 .flags = GENL_UNS_ADMIN_PERM,
19511 /* FIXME: requiring a link ID here is probably not good */
19512 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
19513 NL80211_FLAG_MLO_VALID_LINK_ID),
19514 },
19515 {
19516 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
19517 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19518 .doit = nl80211_cancel_remain_on_channel,
19519 .flags = GENL_UNS_ADMIN_PERM,
19520 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19521 },
19522 {
19523 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
19524 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19525 .doit = nl80211_set_tx_bitrate_mask,
19526 .flags = GENL_UNS_ADMIN_PERM,
19527 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
19528 NL80211_FLAG_MLO_VALID_LINK_ID),
19529 },
19530 {
19531 .cmd = NL80211_CMD_REGISTER_FRAME,
19532 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19533 .doit = nl80211_register_mgmt,
19534 .flags = GENL_UNS_ADMIN_PERM,
19535 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV),
19536 },
19537 {
19538 .cmd = NL80211_CMD_FRAME,
19539 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19540 .doit = nl80211_tx_mgmt,
19541 .flags = GENL_UNS_ADMIN_PERM,
19542 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19543 },
19544 {
19545 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
19546 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19547 .doit = nl80211_tx_mgmt_cancel_wait,
19548 .flags = GENL_UNS_ADMIN_PERM,
19549 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19550 },
19551 {
19552 .cmd = NL80211_CMD_SET_POWER_SAVE,
19553 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19554 .doit = nl80211_set_power_save,
19555 .flags = GENL_UNS_ADMIN_PERM,
19556 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
19557 },
19558 {
19559 .cmd = NL80211_CMD_GET_POWER_SAVE,
19560 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19561 .doit = nl80211_get_power_save,
19562 /* can be retrieved by unprivileged users */
19563 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
19564 },
19565 {
19566 .cmd = NL80211_CMD_SET_CQM,
19567 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19568 .doit = nl80211_set_cqm,
19569 .flags = GENL_UNS_ADMIN_PERM,
19570 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
19571 },
19572 {
19573 .cmd = NL80211_CMD_SET_CHANNEL,
19574 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19575 .doit = nl80211_set_channel,
19576 .flags = GENL_UNS_ADMIN_PERM,
19577 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
19578 NL80211_FLAG_MLO_VALID_LINK_ID),
19579 },
19580 {
19581 .cmd = NL80211_CMD_JOIN_MESH,
19582 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19583 .doit = nl80211_join_mesh,
19584 .flags = GENL_UNS_ADMIN_PERM,
19585 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19586 },
19587 {
19588 .cmd = NL80211_CMD_LEAVE_MESH,
19589 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19590 .doit = nl80211_leave_mesh,
19591 .flags = GENL_UNS_ADMIN_PERM,
19592 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19593 },
19594 {
19595 .cmd = NL80211_CMD_JOIN_OCB,
19596 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19597 .doit = nl80211_join_ocb,
19598 .flags = GENL_UNS_ADMIN_PERM,
19599 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19600 },
19601 {
19602 .cmd = NL80211_CMD_LEAVE_OCB,
19603 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19604 .doit = nl80211_leave_ocb,
19605 .flags = GENL_UNS_ADMIN_PERM,
19606 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19607 },
19608 #ifdef CONFIG_PM
19609 {
19610 .cmd = NL80211_CMD_GET_WOWLAN,
19611 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19612 .doit = nl80211_get_wowlan,
19613 /* can be retrieved by unprivileged users */
19614 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
19615 },
19616 {
19617 .cmd = NL80211_CMD_SET_WOWLAN,
19618 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19619 .doit = nl80211_set_wowlan,
19620 .flags = GENL_UNS_ADMIN_PERM,
19621 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
19622 },
19623 #endif
19624 {
19625 .cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
19626 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19627 .doit = nl80211_set_rekey_data,
19628 .flags = GENL_UNS_ADMIN_PERM,
19629 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19630 NL80211_FLAG_CLEAR_SKB),
19631 },
19632 {
19633 .cmd = NL80211_CMD_TDLS_MGMT,
19634 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19635 .doit = nl80211_tdls_mgmt,
19636 .flags = GENL_UNS_ADMIN_PERM,
19637 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19638 NL80211_FLAG_MLO_VALID_LINK_ID),
19639 },
19640 {
19641 .cmd = NL80211_CMD_TDLS_OPER,
19642 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19643 .doit = nl80211_tdls_oper,
19644 .flags = GENL_UNS_ADMIN_PERM,
19645 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19646 },
19647 {
19648 .cmd = NL80211_CMD_UNEXPECTED_FRAME,
19649 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19650 .doit = nl80211_register_unexpected_frame,
19651 .flags = GENL_UNS_ADMIN_PERM,
19652 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
19653 },
19654 {
19655 .cmd = NL80211_CMD_PROBE_CLIENT,
19656 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19657 .doit = nl80211_probe_client,
19658 .flags = GENL_UNS_ADMIN_PERM,
19659 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19660 },
19661 {
19662 .cmd = NL80211_CMD_REGISTER_BEACONS,
19663 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19664 .doit = nl80211_register_beacons,
19665 .flags = GENL_UNS_ADMIN_PERM,
19666 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
19667 },
19668 {
19669 .cmd = NL80211_CMD_SET_NOACK_MAP,
19670 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19671 .doit = nl80211_set_noack_map,
19672 .flags = GENL_UNS_ADMIN_PERM,
19673 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
19674 },
19675 {
19676 .cmd = NL80211_CMD_START_P2P_DEVICE,
19677 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19678 .doit = nl80211_start_p2p_device,
19679 .flags = GENL_UNS_ADMIN_PERM,
19680 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
19681 NL80211_FLAG_NEED_RTNL),
19682 },
19683 {
19684 .cmd = NL80211_CMD_STOP_P2P_DEVICE,
19685 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19686 .doit = nl80211_stop_p2p_device,
19687 .flags = GENL_UNS_ADMIN_PERM,
19688 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
19689 NL80211_FLAG_NEED_RTNL),
19690 },
19691 {
19692 .cmd = NL80211_CMD_START_NAN,
19693 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19694 .doit = nl80211_start_nan,
19695 .flags = GENL_ADMIN_PERM,
19696 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV |
19697 NL80211_FLAG_NEED_RTNL),
19698 },
19699 {
19700 .cmd = NL80211_CMD_STOP_NAN,
19701 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19702 .doit = nl80211_stop_nan,
19703 .flags = GENL_ADMIN_PERM,
19704 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP |
19705 NL80211_FLAG_NO_WIPHY_MTX |
19706 NL80211_FLAG_NEED_RTNL),
19707 },
19708 {
19709 .cmd = NL80211_CMD_ADD_NAN_FUNCTION,
19710 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19711 .doit = nl80211_nan_add_func,
19712 .flags = GENL_ADMIN_PERM,
19713 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19714 },
19715 {
19716 .cmd = NL80211_CMD_DEL_NAN_FUNCTION,
19717 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19718 .doit = nl80211_nan_del_func,
19719 .flags = GENL_ADMIN_PERM,
19720 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19721 },
19722 {
19723 .cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
19724 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19725 .doit = nl80211_nan_change_config,
19726 .flags = GENL_ADMIN_PERM,
19727 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19728 },
19729 {
19730 .cmd = NL80211_CMD_SET_MCAST_RATE,
19731 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19732 .doit = nl80211_set_mcast_rate,
19733 .flags = GENL_UNS_ADMIN_PERM,
19734 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
19735 },
19736 {
19737 .cmd = NL80211_CMD_SET_MAC_ACL,
19738 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19739 .doit = nl80211_set_mac_acl,
19740 .flags = GENL_UNS_ADMIN_PERM,
19741 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
19742 NL80211_FLAG_MLO_UNSUPPORTED),
19743 },
19744 {
19745 .cmd = NL80211_CMD_RADAR_DETECT,
19746 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19747 .doit = nl80211_start_radar_detection,
19748 .flags = GENL_UNS_ADMIN_PERM,
19749 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19750 NL80211_FLAG_NO_WIPHY_MTX |
19751 NL80211_FLAG_MLO_VALID_LINK_ID),
19752 },
19753 {
19754 .cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
19755 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19756 .doit = nl80211_get_protocol_features,
19757 },
19758 {
19759 .cmd = NL80211_CMD_UPDATE_FT_IES,
19760 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19761 .doit = nl80211_update_ft_ies,
19762 .flags = GENL_UNS_ADMIN_PERM,
19763 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19764 },
19765 {
19766 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
19767 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19768 .doit = nl80211_crit_protocol_start,
19769 .flags = GENL_UNS_ADMIN_PERM,
19770 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19771 },
19772 {
19773 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
19774 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19775 .doit = nl80211_crit_protocol_stop,
19776 .flags = GENL_UNS_ADMIN_PERM,
19777 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19778 },
19779 {
19780 .cmd = NL80211_CMD_GET_COALESCE,
19781 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19782 .doit = nl80211_get_coalesce,
19783 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
19784 },
19785 {
19786 .cmd = NL80211_CMD_SET_COALESCE,
19787 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19788 .doit = nl80211_set_coalesce,
19789 .flags = GENL_UNS_ADMIN_PERM,
19790 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY),
19791 },
19792 {
19793 .cmd = NL80211_CMD_CHANNEL_SWITCH,
19794 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19795 .doit = nl80211_channel_switch,
19796 .flags = GENL_UNS_ADMIN_PERM,
19797 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19798 NL80211_FLAG_MLO_VALID_LINK_ID),
19799 },
19800 {
19801 .cmd = NL80211_CMD_VENDOR,
19802 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19803 .doit = nl80211_vendor_cmd,
19804 .dumpit = nl80211_vendor_cmd_dump,
19805 .flags = GENL_UNS_ADMIN_PERM,
19806 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
19807 NL80211_FLAG_CLEAR_SKB),
19808 },
19809 {
19810 .cmd = NL80211_CMD_SET_QOS_MAP,
19811 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19812 .doit = nl80211_set_qos_map,
19813 .flags = GENL_UNS_ADMIN_PERM,
19814 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19815 },
19816 {
19817 .cmd = NL80211_CMD_ADD_TX_TS,
19818 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19819 .doit = nl80211_add_tx_ts,
19820 .flags = GENL_UNS_ADMIN_PERM,
19821 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19822 NL80211_FLAG_MLO_UNSUPPORTED),
19823 },
19824 {
19825 .cmd = NL80211_CMD_DEL_TX_TS,
19826 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19827 .doit = nl80211_del_tx_ts,
19828 .flags = GENL_UNS_ADMIN_PERM,
19829 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19830 },
19831 {
19832 .cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
19833 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19834 .doit = nl80211_tdls_channel_switch,
19835 .flags = GENL_UNS_ADMIN_PERM,
19836 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19837 },
19838 {
19839 .cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
19840 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19841 .doit = nl80211_tdls_cancel_channel_switch,
19842 .flags = GENL_UNS_ADMIN_PERM,
19843 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19844 },
19845 {
19846 .cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
19847 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19848 .doit = nl80211_set_multicast_to_unicast,
19849 .flags = GENL_UNS_ADMIN_PERM,
19850 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV),
19851 },
19852 {
19853 .cmd = NL80211_CMD_SET_PMK,
19854 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19855 .doit = nl80211_set_pmk,
19856 .flags = GENL_UNS_ADMIN_PERM,
19857 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19858 NL80211_FLAG_CLEAR_SKB),
19859 },
19860 {
19861 .cmd = NL80211_CMD_DEL_PMK,
19862 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19863 .doit = nl80211_del_pmk,
19864 .flags = GENL_UNS_ADMIN_PERM,
19865 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19866 },
19867 {
19868 .cmd = NL80211_CMD_EXTERNAL_AUTH,
19869 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19870 .doit = nl80211_external_auth,
19871 .flags = GENL_ADMIN_PERM,
19872 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19873 },
19874 {
19875 .cmd = NL80211_CMD_CONTROL_PORT_FRAME,
19876 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19877 .doit = nl80211_tx_control_port,
19878 .flags = GENL_UNS_ADMIN_PERM,
19879 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19880 },
19881 {
19882 .cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
19883 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19884 .doit = nl80211_get_ftm_responder_stats,
19885 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
19886 NL80211_FLAG_MLO_VALID_LINK_ID),
19887 },
19888 {
19889 .cmd = NL80211_CMD_PEER_MEASUREMENT_START,
19890 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19891 .doit = nl80211_pmsr_start,
19892 .flags = GENL_UNS_ADMIN_PERM,
19893 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
19894 },
19895 {
19896 .cmd = NL80211_CMD_NOTIFY_RADAR,
19897 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19898 .doit = nl80211_notify_radar_detection,
19899 .flags = GENL_UNS_ADMIN_PERM,
19900 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19901 },
19902 {
19903 .cmd = NL80211_CMD_UPDATE_OWE_INFO,
19904 .doit = nl80211_update_owe_info,
19905 .flags = GENL_ADMIN_PERM,
19906 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19907 },
19908 {
19909 .cmd = NL80211_CMD_PROBE_MESH_LINK,
19910 .doit = nl80211_probe_mesh_link,
19911 .flags = GENL_UNS_ADMIN_PERM,
19912 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19913 },
19914 {
19915 .cmd = NL80211_CMD_SET_TID_CONFIG,
19916 .doit = nl80211_set_tid_config,
19917 .flags = GENL_UNS_ADMIN_PERM,
19918 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV |
19919 NL80211_FLAG_MLO_VALID_LINK_ID),
19920 },
19921 {
19922 .cmd = NL80211_CMD_SET_SAR_SPECS,
19923 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19924 .doit = nl80211_set_sar_specs,
19925 .flags = GENL_UNS_ADMIN_PERM,
19926 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WIPHY |
19927 NL80211_FLAG_NEED_RTNL),
19928 },
19929 {
19930 .cmd = NL80211_CMD_COLOR_CHANGE_REQUEST,
19931 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19932 .doit = nl80211_color_change,
19933 .flags = GENL_UNS_ADMIN_PERM,
19934 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19935 NL80211_FLAG_MLO_VALID_LINK_ID),
19936 },
19937 {
19938 .cmd = NL80211_CMD_SET_FILS_AAD,
19939 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
19940 .doit = nl80211_set_fils_aad,
19941 .flags = GENL_UNS_ADMIN_PERM,
19942 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19943 },
19944 {
19945 .cmd = NL80211_CMD_ADD_LINK,
19946 .doit = nl80211_add_link,
19947 .flags = GENL_UNS_ADMIN_PERM,
19948 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19949 },
19950 {
19951 .cmd = NL80211_CMD_REMOVE_LINK,
19952 .doit = nl80211_remove_link,
19953 .flags = GENL_UNS_ADMIN_PERM,
19954 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19955 NL80211_FLAG_MLO_VALID_LINK_ID),
19956 },
19957 {
19958 .cmd = NL80211_CMD_ADD_LINK_STA,
19959 .doit = nl80211_add_link_station,
19960 .flags = GENL_UNS_ADMIN_PERM,
19961 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19962 NL80211_FLAG_MLO_VALID_LINK_ID),
19963 },
19964 {
19965 .cmd = NL80211_CMD_MODIFY_LINK_STA,
19966 .doit = nl80211_modify_link_station,
19967 .flags = GENL_UNS_ADMIN_PERM,
19968 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19969 NL80211_FLAG_MLO_VALID_LINK_ID),
19970 },
19971 {
19972 .cmd = NL80211_CMD_REMOVE_LINK_STA,
19973 .doit = nl80211_remove_link_station,
19974 .flags = GENL_UNS_ADMIN_PERM,
19975 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP |
19976 NL80211_FLAG_MLO_VALID_LINK_ID),
19977 },
19978 {
19979 .cmd = NL80211_CMD_SET_HW_TIMESTAMP,
19980 .doit = nl80211_set_hw_timestamp,
19981 .flags = GENL_UNS_ADMIN_PERM,
19982 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19983 },
19984 {
19985 .cmd = NL80211_CMD_SET_TID_TO_LINK_MAPPING,
19986 .doit = nl80211_set_ttlm,
19987 .flags = GENL_UNS_ADMIN_PERM,
19988 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19989 },
19990 {
19991 .cmd = NL80211_CMD_ASSOC_MLO_RECONF,
19992 .doit = nl80211_assoc_ml_reconf,
19993 .flags = GENL_UNS_ADMIN_PERM,
19994 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
19995 },
19996 {
19997 .cmd = NL80211_CMD_EPCS_CFG,
19998 .doit = nl80211_epcs_cfg,
19999 .flags = GENL_UNS_ADMIN_PERM,
20000 .internal_flags = IFLAGS(NL80211_FLAG_NEED_NETDEV_UP),
20001 },
20002 {
20003 .cmd = NL80211_CMD_NAN_SET_LOCAL_SCHED,
20004 .doit = nl80211_nan_set_local_sched,
20005 .flags = GENL_ADMIN_PERM,
20006 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
20007 },
20008 {
20009 .cmd = NL80211_CMD_NAN_SET_PEER_SCHED,
20010 .doit = nl80211_nan_set_peer_sched,
20011 .flags = GENL_ADMIN_PERM,
20012 .internal_flags = IFLAGS(NL80211_FLAG_NEED_WDEV_UP),
20013 },
20014 };
20015
20016 static struct genl_family nl80211_fam __ro_after_init = {
20017 .name = NL80211_GENL_NAME, /* have users key off the name instead */
20018 .hdrsize = 0, /* no private header */
20019 .version = 1, /* no particular meaning now */
20020 .maxattr = NL80211_ATTR_MAX,
20021 .policy = nl80211_policy,
20022 .netnsok = true,
20023 .pre_doit = nl80211_pre_doit,
20024 .post_doit = nl80211_post_doit,
20025 .module = THIS_MODULE,
20026 .ops = nl80211_ops,
20027 .n_ops = ARRAY_SIZE(nl80211_ops),
20028 .small_ops = nl80211_small_ops,
20029 .n_small_ops = ARRAY_SIZE(nl80211_small_ops),
20030 .resv_start_op = NL80211_CMD_REMOVE_LINK_STA + 1,
20031 .mcgrps = nl80211_mcgrps,
20032 .n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
20033 .parallel_ops = true,
20034 };
20035
20036 /* notification functions */
20037
nl80211_notify_wiphy(struct cfg80211_registered_device * rdev,enum nl80211_commands cmd)20038 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
20039 enum nl80211_commands cmd)
20040 {
20041 struct sk_buff *msg;
20042 struct nl80211_dump_wiphy_state state = {};
20043
20044 WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
20045 cmd != NL80211_CMD_DEL_WIPHY);
20046
20047 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20048 if (!msg)
20049 return;
20050
20051 if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
20052 nlmsg_free(msg);
20053 return;
20054 }
20055
20056 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20057 NL80211_MCGRP_CONFIG, GFP_KERNEL);
20058 }
20059
nl80211_notify_iface(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,enum nl80211_commands cmd)20060 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
20061 struct wireless_dev *wdev,
20062 enum nl80211_commands cmd)
20063 {
20064 struct sk_buff *msg;
20065
20066 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20067 if (!msg)
20068 return;
20069
20070 if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
20071 nlmsg_free(msg);
20072 return;
20073 }
20074
20075 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20076 NL80211_MCGRP_CONFIG, GFP_KERNEL);
20077 }
20078
nl80211_add_scan_req(struct sk_buff * msg,struct cfg80211_registered_device * rdev)20079 static int nl80211_add_scan_req(struct sk_buff *msg,
20080 struct cfg80211_registered_device *rdev)
20081 {
20082 struct cfg80211_scan_request_int *req = rdev->scan_req;
20083 struct nlattr *nest;
20084 int i;
20085 struct cfg80211_scan_info *info;
20086
20087 if (WARN_ON(!req))
20088 return 0;
20089
20090 nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
20091 if (!nest)
20092 goto nla_put_failure;
20093 for (i = 0; i < req->req.n_ssids; i++) {
20094 if (nla_put(msg, i, req->req.ssids[i].ssid_len,
20095 req->req.ssids[i].ssid))
20096 goto nla_put_failure;
20097 }
20098 nla_nest_end(msg, nest);
20099
20100 if (req->req.flags & NL80211_SCAN_FLAG_FREQ_KHZ) {
20101 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQ_KHZ);
20102 if (!nest)
20103 goto nla_put_failure;
20104 for (i = 0; i < req->req.n_channels; i++) {
20105 if (nla_put_u32(msg, i,
20106 ieee80211_channel_to_khz(req->req.channels[i])))
20107 goto nla_put_failure;
20108 }
20109 nla_nest_end(msg, nest);
20110 } else {
20111 nest = nla_nest_start_noflag(msg,
20112 NL80211_ATTR_SCAN_FREQUENCIES);
20113 if (!nest)
20114 goto nla_put_failure;
20115 for (i = 0; i < req->req.n_channels; i++) {
20116 if (nla_put_u32(msg, i,
20117 req->req.channels[i]->center_freq))
20118 goto nla_put_failure;
20119 }
20120 nla_nest_end(msg, nest);
20121 }
20122
20123 if (req->req.ie &&
20124 nla_put(msg, NL80211_ATTR_IE, req->req.ie_len, req->req.ie))
20125 goto nla_put_failure;
20126
20127 if (req->req.flags &&
20128 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->req.flags))
20129 goto nla_put_failure;
20130
20131 info = rdev->int_scan_req ? &rdev->int_scan_req->info :
20132 &rdev->scan_req->info;
20133 if (info->scan_start_tsf &&
20134 (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
20135 info->scan_start_tsf, NL80211_BSS_PAD) ||
20136 nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
20137 info->tsf_bssid)))
20138 goto nla_put_failure;
20139
20140 return 0;
20141 nla_put_failure:
20142 return -ENOBUFS;
20143 }
20144
nl80211_prep_scan_msg(struct sk_buff * msg,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,u32 portid,u32 seq,int flags,u32 cmd)20145 static int nl80211_prep_scan_msg(struct sk_buff *msg,
20146 struct cfg80211_registered_device *rdev,
20147 struct wireless_dev *wdev,
20148 u32 portid, u32 seq, int flags,
20149 u32 cmd)
20150 {
20151 void *hdr;
20152
20153 hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
20154 if (!hdr)
20155 return -1;
20156
20157 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20158 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
20159 wdev->netdev->ifindex)) ||
20160 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
20161 NL80211_ATTR_PAD))
20162 goto nla_put_failure;
20163
20164 /* ignore errors and send incomplete event anyway */
20165 nl80211_add_scan_req(msg, rdev);
20166
20167 genlmsg_end(msg, hdr);
20168 return 0;
20169
20170 nla_put_failure:
20171 genlmsg_cancel(msg, hdr);
20172 return -EMSGSIZE;
20173 }
20174
20175 static int
nl80211_prep_sched_scan_msg(struct sk_buff * msg,struct cfg80211_sched_scan_request * req,u32 cmd)20176 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
20177 struct cfg80211_sched_scan_request *req, u32 cmd)
20178 {
20179 void *hdr;
20180
20181 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
20182 if (!hdr)
20183 return -1;
20184
20185 if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
20186 wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
20187 nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
20188 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
20189 NL80211_ATTR_PAD))
20190 goto nla_put_failure;
20191
20192 genlmsg_end(msg, hdr);
20193 return 0;
20194
20195 nla_put_failure:
20196 genlmsg_cancel(msg, hdr);
20197 return -EMSGSIZE;
20198 }
20199
nl80211_send_scan_start(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev)20200 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
20201 struct wireless_dev *wdev)
20202 {
20203 struct sk_buff *msg;
20204
20205 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20206 if (!msg)
20207 return;
20208
20209 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
20210 NL80211_CMD_TRIGGER_SCAN) < 0) {
20211 nlmsg_free(msg);
20212 return;
20213 }
20214
20215 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20216 NL80211_MCGRP_SCAN, GFP_KERNEL);
20217 }
20218
nl80211_build_scan_msg(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,bool aborted)20219 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
20220 struct wireless_dev *wdev, bool aborted)
20221 {
20222 struct sk_buff *msg;
20223
20224 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20225 if (!msg)
20226 return NULL;
20227
20228 if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
20229 aborted ? NL80211_CMD_SCAN_ABORTED :
20230 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
20231 nlmsg_free(msg);
20232 return NULL;
20233 }
20234
20235 return msg;
20236 }
20237
20238 /* send message created by nl80211_build_scan_msg() */
nl80211_send_scan_msg(struct cfg80211_registered_device * rdev,struct sk_buff * msg)20239 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
20240 struct sk_buff *msg)
20241 {
20242 if (!msg)
20243 return;
20244
20245 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20246 NL80211_MCGRP_SCAN, GFP_KERNEL);
20247 }
20248
nl80211_send_sched_scan(struct cfg80211_sched_scan_request * req,u32 cmd)20249 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
20250 {
20251 struct sk_buff *msg;
20252
20253 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20254 if (!msg)
20255 return;
20256
20257 if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
20258 nlmsg_free(msg);
20259 return;
20260 }
20261
20262 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
20263 NL80211_MCGRP_SCAN, GFP_KERNEL);
20264 }
20265
nl80211_reg_change_event_fill(struct sk_buff * msg,struct regulatory_request * request)20266 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
20267 struct regulatory_request *request)
20268 {
20269 /* Userspace can always count this one always being set */
20270 if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
20271 goto nla_put_failure;
20272
20273 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
20274 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
20275 NL80211_REGDOM_TYPE_WORLD))
20276 goto nla_put_failure;
20277 } else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
20278 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
20279 NL80211_REGDOM_TYPE_CUSTOM_WORLD))
20280 goto nla_put_failure;
20281 } else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
20282 request->intersect) {
20283 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
20284 NL80211_REGDOM_TYPE_INTERSECTION))
20285 goto nla_put_failure;
20286 } else {
20287 if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
20288 NL80211_REGDOM_TYPE_COUNTRY) ||
20289 nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
20290 request->alpha2))
20291 goto nla_put_failure;
20292 }
20293
20294 if (request->wiphy_idx != WIPHY_IDX_INVALID) {
20295 struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
20296
20297 if (wiphy &&
20298 nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
20299 goto nla_put_failure;
20300
20301 if (wiphy &&
20302 wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
20303 nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
20304 goto nla_put_failure;
20305 }
20306
20307 return true;
20308
20309 nla_put_failure:
20310 return false;
20311 }
20312
20313 /*
20314 * This can happen on global regulatory changes or device specific settings
20315 * based on custom regulatory domains.
20316 */
nl80211_common_reg_change_event(enum nl80211_commands cmd_id,struct regulatory_request * request)20317 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
20318 struct regulatory_request *request)
20319 {
20320 struct sk_buff *msg;
20321 void *hdr;
20322
20323 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20324 if (!msg)
20325 return;
20326
20327 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
20328 if (!hdr)
20329 goto nla_put_failure;
20330
20331 if (!nl80211_reg_change_event_fill(msg, request))
20332 goto nla_put_failure;
20333
20334 genlmsg_end(msg, hdr);
20335
20336 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
20337 NL80211_MCGRP_REGULATORY);
20338
20339 return;
20340
20341 nla_put_failure:
20342 nlmsg_free(msg);
20343 }
20344
20345 struct nl80211_mlme_event {
20346 enum nl80211_commands cmd;
20347 const u8 *buf;
20348 size_t buf_len;
20349 int uapsd_queues;
20350 const u8 *req_ies;
20351 size_t req_ies_len;
20352 bool reconnect;
20353 };
20354
nl80211_send_mlme_event(struct cfg80211_registered_device * rdev,struct net_device * netdev,const struct nl80211_mlme_event * event,gfp_t gfp)20355 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
20356 struct net_device *netdev,
20357 const struct nl80211_mlme_event *event,
20358 gfp_t gfp)
20359 {
20360 struct sk_buff *msg;
20361 void *hdr;
20362
20363 msg = nlmsg_new(100 + event->buf_len + event->req_ies_len, gfp);
20364 if (!msg)
20365 return;
20366
20367 hdr = nl80211hdr_put(msg, 0, 0, 0, event->cmd);
20368 if (!hdr) {
20369 nlmsg_free(msg);
20370 return;
20371 }
20372
20373 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20374 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20375 nla_put(msg, NL80211_ATTR_FRAME, event->buf_len, event->buf) ||
20376 (event->req_ies &&
20377 nla_put(msg, NL80211_ATTR_REQ_IE, event->req_ies_len,
20378 event->req_ies)))
20379 goto nla_put_failure;
20380
20381 if (event->reconnect &&
20382 nla_put_flag(msg, NL80211_ATTR_RECONNECT_REQUESTED))
20383 goto nla_put_failure;
20384
20385 if (event->uapsd_queues >= 0) {
20386 struct nlattr *nla_wmm =
20387 nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
20388 if (!nla_wmm)
20389 goto nla_put_failure;
20390
20391 if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
20392 event->uapsd_queues))
20393 goto nla_put_failure;
20394
20395 nla_nest_end(msg, nla_wmm);
20396 }
20397
20398 genlmsg_end(msg, hdr);
20399
20400 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20401 NL80211_MCGRP_MLME, gfp);
20402 return;
20403
20404 nla_put_failure:
20405 nlmsg_free(msg);
20406 }
20407
nl80211_send_rx_auth(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,gfp_t gfp)20408 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
20409 struct net_device *netdev, const u8 *buf,
20410 size_t len, gfp_t gfp)
20411 {
20412 struct nl80211_mlme_event event = {
20413 .cmd = NL80211_CMD_AUTHENTICATE,
20414 .buf = buf,
20415 .buf_len = len,
20416 .uapsd_queues = -1,
20417 };
20418
20419 nl80211_send_mlme_event(rdev, netdev, &event, gfp);
20420 }
20421
nl80211_send_rx_assoc(struct cfg80211_registered_device * rdev,struct net_device * netdev,const struct cfg80211_rx_assoc_resp_data * data)20422 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
20423 struct net_device *netdev,
20424 const struct cfg80211_rx_assoc_resp_data *data)
20425 {
20426 struct nl80211_mlme_event event = {
20427 .cmd = NL80211_CMD_ASSOCIATE,
20428 .buf = data->buf,
20429 .buf_len = data->len,
20430 .uapsd_queues = data->uapsd_queues,
20431 .req_ies = data->req_ies,
20432 .req_ies_len = data->req_ies_len,
20433 };
20434
20435 nl80211_send_mlme_event(rdev, netdev, &event, GFP_KERNEL);
20436 }
20437
nl80211_send_deauth(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,bool reconnect,gfp_t gfp)20438 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
20439 struct net_device *netdev, const u8 *buf,
20440 size_t len, bool reconnect, gfp_t gfp)
20441 {
20442 struct nl80211_mlme_event event = {
20443 .cmd = NL80211_CMD_DEAUTHENTICATE,
20444 .buf = buf,
20445 .buf_len = len,
20446 .reconnect = reconnect,
20447 .uapsd_queues = -1,
20448 };
20449
20450 nl80211_send_mlme_event(rdev, netdev, &event, gfp);
20451 }
20452
nl80211_send_disassoc(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * buf,size_t len,bool reconnect,gfp_t gfp)20453 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
20454 struct net_device *netdev, const u8 *buf,
20455 size_t len, bool reconnect, gfp_t gfp)
20456 {
20457 struct nl80211_mlme_event event = {
20458 .cmd = NL80211_CMD_DISASSOCIATE,
20459 .buf = buf,
20460 .buf_len = len,
20461 .reconnect = reconnect,
20462 .uapsd_queues = -1,
20463 };
20464
20465 nl80211_send_mlme_event(rdev, netdev, &event, gfp);
20466 }
20467
cfg80211_rx_unprot_mlme_mgmt(struct net_device * dev,const u8 * buf,size_t len)20468 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
20469 size_t len)
20470 {
20471 struct wireless_dev *wdev = dev->ieee80211_ptr;
20472 struct wiphy *wiphy = wdev->wiphy;
20473 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20474 const struct ieee80211_mgmt *mgmt = (void *)buf;
20475 struct nl80211_mlme_event event = {
20476 .buf = buf,
20477 .buf_len = len,
20478 .uapsd_queues = -1,
20479 };
20480
20481 if (WARN_ON(len < 2))
20482 return;
20483
20484 if (ieee80211_is_deauth(mgmt->frame_control)) {
20485 event.cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
20486 } else if (ieee80211_is_disassoc(mgmt->frame_control)) {
20487 event.cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
20488 } else if (ieee80211_is_beacon(mgmt->frame_control)) {
20489 if (wdev->unprot_beacon_reported &&
20490 elapsed_jiffies_msecs(wdev->unprot_beacon_reported) < 10000)
20491 return;
20492 event.cmd = NL80211_CMD_UNPROT_BEACON;
20493 wdev->unprot_beacon_reported = jiffies;
20494 } else {
20495 return;
20496 }
20497
20498 trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
20499 nl80211_send_mlme_event(rdev, dev, &event, GFP_ATOMIC);
20500 }
20501 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
20502
nl80211_send_mlme_timeout(struct cfg80211_registered_device * rdev,struct net_device * netdev,int cmd,const u8 * addr,gfp_t gfp)20503 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
20504 struct net_device *netdev, int cmd,
20505 const u8 *addr, gfp_t gfp)
20506 {
20507 struct sk_buff *msg;
20508 void *hdr;
20509
20510 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20511 if (!msg)
20512 return;
20513
20514 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
20515 if (!hdr) {
20516 nlmsg_free(msg);
20517 return;
20518 }
20519
20520 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20521 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20522 nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
20523 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
20524 goto nla_put_failure;
20525
20526 genlmsg_end(msg, hdr);
20527
20528 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20529 NL80211_MCGRP_MLME, gfp);
20530 return;
20531
20532 nla_put_failure:
20533 nlmsg_free(msg);
20534 }
20535
nl80211_send_auth_timeout(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * addr,gfp_t gfp)20536 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
20537 struct net_device *netdev, const u8 *addr,
20538 gfp_t gfp)
20539 {
20540 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
20541 addr, gfp);
20542 }
20543
nl80211_send_assoc_timeout(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * addr,gfp_t gfp)20544 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
20545 struct net_device *netdev, const u8 *addr,
20546 gfp_t gfp)
20547 {
20548 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
20549 addr, gfp);
20550 }
20551
nl80211_send_connect_result(struct cfg80211_registered_device * rdev,struct net_device * netdev,struct cfg80211_connect_resp_params * cr,gfp_t gfp)20552 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
20553 struct net_device *netdev,
20554 struct cfg80211_connect_resp_params *cr,
20555 gfp_t gfp)
20556 {
20557 struct sk_buff *msg;
20558 void *hdr;
20559 unsigned int link;
20560 size_t link_info_size = 0;
20561 const u8 *connected_addr = cr->valid_links ?
20562 cr->ap_mld_addr : cr->links[0].bssid;
20563
20564 if (cr->valid_links) {
20565 for_each_valid_link(cr, link) {
20566 /* Nested attribute header */
20567 link_info_size += NLA_HDRLEN;
20568 /* Link ID */
20569 link_info_size += nla_total_size(sizeof(u8));
20570 link_info_size += cr->links[link].addr ?
20571 nla_total_size(ETH_ALEN) : 0;
20572 link_info_size += (cr->links[link].bssid ||
20573 cr->links[link].bss) ?
20574 nla_total_size(ETH_ALEN) : 0;
20575 link_info_size += nla_total_size(sizeof(u16));
20576 }
20577 }
20578
20579 msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
20580 cr->fils.kek_len + cr->fils.pmk_len +
20581 (cr->fils.pmkid ? WLAN_PMKID_LEN : 0) + link_info_size,
20582 gfp);
20583 if (!msg)
20584 return;
20585
20586 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
20587 if (!hdr) {
20588 nlmsg_free(msg);
20589 return;
20590 }
20591
20592 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20593 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20594 (connected_addr &&
20595 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, connected_addr)) ||
20596 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
20597 cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
20598 cr->status) ||
20599 (cr->status < 0 &&
20600 (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
20601 nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
20602 cr->timeout_reason))) ||
20603 (cr->req_ie &&
20604 nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
20605 (cr->resp_ie &&
20606 nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
20607 cr->resp_ie)) ||
20608 (cr->fils.update_erp_next_seq_num &&
20609 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
20610 cr->fils.erp_next_seq_num)) ||
20611 (cr->status == WLAN_STATUS_SUCCESS &&
20612 ((cr->fils.kek &&
20613 nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
20614 cr->fils.kek)) ||
20615 (cr->fils.pmk &&
20616 nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
20617 (cr->fils.pmkid &&
20618 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
20619 goto nla_put_failure;
20620
20621 if (cr->valid_links) {
20622 int i = 1;
20623 struct nlattr *nested;
20624
20625 nested = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
20626 if (!nested)
20627 goto nla_put_failure;
20628
20629 for_each_valid_link(cr, link) {
20630 struct nlattr *nested_mlo_links;
20631 const u8 *bssid = cr->links[link].bss ?
20632 cr->links[link].bss->bssid :
20633 cr->links[link].bssid;
20634
20635 nested_mlo_links = nla_nest_start(msg, i);
20636 if (!nested_mlo_links)
20637 goto nla_put_failure;
20638
20639 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link) ||
20640 (bssid &&
20641 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, bssid)) ||
20642 (cr->links[link].addr &&
20643 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
20644 cr->links[link].addr)) ||
20645 nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
20646 cr->links[link].status))
20647 goto nla_put_failure;
20648
20649 nla_nest_end(msg, nested_mlo_links);
20650 i++;
20651 }
20652 nla_nest_end(msg, nested);
20653 }
20654
20655 genlmsg_end(msg, hdr);
20656
20657 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20658 NL80211_MCGRP_MLME, gfp);
20659 return;
20660
20661 nla_put_failure:
20662 nlmsg_free(msg);
20663 }
20664
nl80211_send_roamed(struct cfg80211_registered_device * rdev,struct net_device * netdev,struct cfg80211_roam_info * info,gfp_t gfp)20665 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
20666 struct net_device *netdev,
20667 struct cfg80211_roam_info *info, gfp_t gfp)
20668 {
20669 struct sk_buff *msg;
20670 void *hdr;
20671 size_t link_info_size = 0;
20672 unsigned int link;
20673 const u8 *connected_addr = info->ap_mld_addr ?
20674 info->ap_mld_addr :
20675 (info->links[0].bss ?
20676 info->links[0].bss->bssid :
20677 info->links[0].bssid);
20678
20679 if (info->valid_links) {
20680 for_each_valid_link(info, link) {
20681 /* Nested attribute header */
20682 link_info_size += NLA_HDRLEN;
20683 /* Link ID */
20684 link_info_size += nla_total_size(sizeof(u8));
20685 link_info_size += info->links[link].addr ?
20686 nla_total_size(ETH_ALEN) : 0;
20687 link_info_size += (info->links[link].bssid ||
20688 info->links[link].bss) ?
20689 nla_total_size(ETH_ALEN) : 0;
20690 }
20691 }
20692
20693 msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
20694 info->fils.kek_len + info->fils.pmk_len +
20695 (info->fils.pmkid ? WLAN_PMKID_LEN : 0) +
20696 link_info_size, gfp);
20697 if (!msg)
20698 return;
20699
20700 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
20701 if (!hdr) {
20702 nlmsg_free(msg);
20703 return;
20704 }
20705
20706 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20707 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20708 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, connected_addr) ||
20709 (info->req_ie &&
20710 nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
20711 info->req_ie)) ||
20712 (info->resp_ie &&
20713 nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
20714 info->resp_ie)) ||
20715 (info->fils.update_erp_next_seq_num &&
20716 nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
20717 info->fils.erp_next_seq_num)) ||
20718 (info->fils.kek &&
20719 nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
20720 info->fils.kek)) ||
20721 (info->fils.pmk &&
20722 nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
20723 (info->fils.pmkid &&
20724 nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
20725 goto nla_put_failure;
20726
20727 if (info->valid_links) {
20728 int i = 1;
20729 struct nlattr *nested;
20730
20731 nested = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
20732 if (!nested)
20733 goto nla_put_failure;
20734
20735 for_each_valid_link(info, link) {
20736 struct nlattr *nested_mlo_links;
20737 const u8 *bssid = info->links[link].bss ?
20738 info->links[link].bss->bssid :
20739 info->links[link].bssid;
20740
20741 nested_mlo_links = nla_nest_start(msg, i);
20742 if (!nested_mlo_links)
20743 goto nla_put_failure;
20744
20745 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link) ||
20746 (bssid &&
20747 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, bssid)) ||
20748 (info->links[link].addr &&
20749 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
20750 info->links[link].addr)))
20751 goto nla_put_failure;
20752
20753 nla_nest_end(msg, nested_mlo_links);
20754 i++;
20755 }
20756 nla_nest_end(msg, nested);
20757 }
20758
20759 genlmsg_end(msg, hdr);
20760
20761 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20762 NL80211_MCGRP_MLME, gfp);
20763 return;
20764
20765 nla_put_failure:
20766 nlmsg_free(msg);
20767 }
20768
nl80211_send_port_authorized(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * peer_addr,const u8 * td_bitmap,u8 td_bitmap_len)20769 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
20770 struct net_device *netdev, const u8 *peer_addr,
20771 const u8 *td_bitmap, u8 td_bitmap_len)
20772 {
20773 struct sk_buff *msg;
20774 void *hdr;
20775
20776 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20777 if (!msg)
20778 return;
20779
20780 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
20781 if (!hdr) {
20782 nlmsg_free(msg);
20783 return;
20784 }
20785
20786 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20787 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20788 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer_addr))
20789 goto nla_put_failure;
20790
20791 if (td_bitmap_len > 0 && td_bitmap &&
20792 nla_put(msg, NL80211_ATTR_TD_BITMAP, td_bitmap_len, td_bitmap))
20793 goto nla_put_failure;
20794
20795 genlmsg_end(msg, hdr);
20796
20797 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20798 NL80211_MCGRP_MLME, GFP_KERNEL);
20799 return;
20800
20801 nla_put_failure:
20802 nlmsg_free(msg);
20803 }
20804
nl80211_send_disconnected(struct cfg80211_registered_device * rdev,struct net_device * netdev,u16 reason,const u8 * ie,size_t ie_len,bool from_ap)20805 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
20806 struct net_device *netdev, u16 reason,
20807 const u8 *ie, size_t ie_len, bool from_ap)
20808 {
20809 struct sk_buff *msg;
20810 void *hdr;
20811
20812 msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
20813 if (!msg)
20814 return;
20815
20816 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
20817 if (!hdr) {
20818 nlmsg_free(msg);
20819 return;
20820 }
20821
20822 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20823 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20824 (reason &&
20825 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
20826 (from_ap &&
20827 nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
20828 (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
20829 goto nla_put_failure;
20830
20831 genlmsg_end(msg, hdr);
20832
20833 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20834 NL80211_MCGRP_MLME, GFP_KERNEL);
20835 return;
20836
20837 nla_put_failure:
20838 nlmsg_free(msg);
20839 }
20840
cfg80211_links_removed(struct net_device * dev,u16 link_mask)20841 void cfg80211_links_removed(struct net_device *dev, u16 link_mask)
20842 {
20843 struct wireless_dev *wdev = dev->ieee80211_ptr;
20844 struct wiphy *wiphy = wdev->wiphy;
20845 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20846 struct sk_buff *msg;
20847 struct nlattr *links;
20848 void *hdr;
20849
20850 lockdep_assert_wiphy(wdev->wiphy);
20851 trace_cfg80211_links_removed(dev, link_mask);
20852
20853 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION &&
20854 wdev->iftype != NL80211_IFTYPE_P2P_CLIENT))
20855 return;
20856
20857 if (WARN_ON(!wdev->valid_links || !link_mask ||
20858 (wdev->valid_links & link_mask) != link_mask ||
20859 wdev->valid_links == link_mask))
20860 return;
20861
20862 cfg80211_wdev_release_link_bsses(wdev, link_mask);
20863 wdev->valid_links &= ~link_mask;
20864
20865 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
20866 if (!msg)
20867 return;
20868
20869 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_LINKS_REMOVED);
20870 if (!hdr) {
20871 nlmsg_free(msg);
20872 return;
20873 }
20874
20875 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20876 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
20877 goto nla_put_failure;
20878
20879 links = nla_nest_start(msg, NL80211_ATTR_MLO_LINKS);
20880 if (!links)
20881 goto nla_put_failure;
20882
20883 while (link_mask) {
20884 struct nlattr *link;
20885 int link_id = __ffs(link_mask);
20886
20887 link = nla_nest_start(msg, link_id + 1);
20888 if (!link)
20889 goto nla_put_failure;
20890
20891 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
20892 goto nla_put_failure;
20893
20894 nla_nest_end(msg, link);
20895 link_mask &= ~(1 << link_id);
20896 }
20897
20898 nla_nest_end(msg, links);
20899
20900 genlmsg_end(msg, hdr);
20901
20902 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20903 NL80211_MCGRP_MLME, GFP_KERNEL);
20904 return;
20905
20906 nla_put_failure:
20907 nlmsg_free(msg);
20908 }
20909 EXPORT_SYMBOL(cfg80211_links_removed);
20910
nl80211_mlo_reconf_add_done(struct net_device * dev,struct cfg80211_mlo_reconf_done_data * data)20911 void nl80211_mlo_reconf_add_done(struct net_device *dev,
20912 struct cfg80211_mlo_reconf_done_data *data)
20913 {
20914 struct wireless_dev *wdev = dev->ieee80211_ptr;
20915 struct wiphy *wiphy = wdev->wiphy;
20916 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
20917 struct nl80211_mlme_event event = {
20918 .cmd = NL80211_CMD_ASSOC_MLO_RECONF,
20919 .buf = data->buf,
20920 .buf_len = data->len,
20921 .uapsd_queues = -1,
20922 };
20923
20924 nl80211_send_mlme_event(rdev, dev, &event, GFP_KERNEL);
20925 }
20926 EXPORT_SYMBOL(nl80211_mlo_reconf_add_done);
20927
nl80211_send_ibss_bssid(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * bssid,gfp_t gfp)20928 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
20929 struct net_device *netdev, const u8 *bssid,
20930 gfp_t gfp)
20931 {
20932 struct sk_buff *msg;
20933 void *hdr;
20934
20935 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
20936 if (!msg)
20937 return;
20938
20939 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
20940 if (!hdr) {
20941 nlmsg_free(msg);
20942 return;
20943 }
20944
20945 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20946 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
20947 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
20948 goto nla_put_failure;
20949
20950 genlmsg_end(msg, hdr);
20951
20952 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20953 NL80211_MCGRP_MLME, gfp);
20954 return;
20955
20956 nla_put_failure:
20957 nlmsg_free(msg);
20958 }
20959
cfg80211_notify_new_peer_candidate(struct net_device * dev,const u8 * addr,const u8 * ie,u8 ie_len,int sig_dbm,gfp_t gfp)20960 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
20961 const u8 *ie, u8 ie_len,
20962 int sig_dbm, gfp_t gfp)
20963 {
20964 struct wireless_dev *wdev = dev->ieee80211_ptr;
20965 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
20966 struct sk_buff *msg;
20967 void *hdr;
20968
20969 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
20970 return;
20971
20972 trace_cfg80211_notify_new_peer_candidate(dev, addr);
20973
20974 msg = nlmsg_new(100 + ie_len, gfp);
20975 if (!msg)
20976 return;
20977
20978 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
20979 if (!hdr) {
20980 nlmsg_free(msg);
20981 return;
20982 }
20983
20984 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
20985 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
20986 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
20987 (ie_len && ie &&
20988 nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
20989 (sig_dbm &&
20990 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
20991 goto nla_put_failure;
20992
20993 genlmsg_end(msg, hdr);
20994
20995 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
20996 NL80211_MCGRP_MLME, gfp);
20997 return;
20998
20999 nla_put_failure:
21000 nlmsg_free(msg);
21001 }
21002 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
21003
nl80211_michael_mic_failure(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * addr,enum nl80211_key_type key_type,int key_id,const u8 * tsc,gfp_t gfp)21004 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
21005 struct net_device *netdev, const u8 *addr,
21006 enum nl80211_key_type key_type, int key_id,
21007 const u8 *tsc, gfp_t gfp)
21008 {
21009 struct sk_buff *msg;
21010 void *hdr;
21011
21012 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21013 if (!msg)
21014 return;
21015
21016 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
21017 if (!hdr) {
21018 nlmsg_free(msg);
21019 return;
21020 }
21021
21022 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21023 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
21024 (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
21025 nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
21026 (key_id != -1 &&
21027 nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
21028 (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
21029 goto nla_put_failure;
21030
21031 genlmsg_end(msg, hdr);
21032
21033 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21034 NL80211_MCGRP_MLME, gfp);
21035 return;
21036
21037 nla_put_failure:
21038 nlmsg_free(msg);
21039 }
21040
nl80211_send_beacon_hint_event(struct wiphy * wiphy,struct ieee80211_channel * channel_before,struct ieee80211_channel * channel_after)21041 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
21042 struct ieee80211_channel *channel_before,
21043 struct ieee80211_channel *channel_after)
21044 {
21045 struct sk_buff *msg;
21046 void *hdr;
21047 struct nlattr *nl_freq;
21048
21049 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
21050 if (!msg)
21051 return;
21052
21053 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
21054 if (!hdr) {
21055 nlmsg_free(msg);
21056 return;
21057 }
21058
21059 /*
21060 * Since we are applying the beacon hint to a wiphy we know its
21061 * wiphy_idx is valid
21062 */
21063 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
21064 goto nla_put_failure;
21065
21066 /* Before */
21067 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
21068 if (!nl_freq)
21069 goto nla_put_failure;
21070
21071 if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
21072 goto nla_put_failure;
21073 nla_nest_end(msg, nl_freq);
21074
21075 /* After */
21076 nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
21077 if (!nl_freq)
21078 goto nla_put_failure;
21079
21080 if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
21081 goto nla_put_failure;
21082 nla_nest_end(msg, nl_freq);
21083
21084 genlmsg_end(msg, hdr);
21085
21086 genlmsg_multicast_allns(&nl80211_fam, msg, 0,
21087 NL80211_MCGRP_REGULATORY);
21088
21089 return;
21090
21091 nla_put_failure:
21092 nlmsg_free(msg);
21093 }
21094
nl80211_send_remain_on_chan_event(int cmd,struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,unsigned int duration,gfp_t gfp)21095 static void nl80211_send_remain_on_chan_event(
21096 int cmd, struct cfg80211_registered_device *rdev,
21097 struct wireless_dev *wdev, u64 cookie,
21098 struct ieee80211_channel *chan,
21099 unsigned int duration, gfp_t gfp)
21100 {
21101 struct sk_buff *msg;
21102 void *hdr;
21103
21104 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21105 if (!msg)
21106 return;
21107
21108 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
21109 if (!hdr) {
21110 nlmsg_free(msg);
21111 return;
21112 }
21113
21114 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21115 (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
21116 wdev->netdev->ifindex)) ||
21117 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
21118 NL80211_ATTR_PAD) ||
21119 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
21120 nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
21121 NL80211_CHAN_NO_HT) ||
21122 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
21123 NL80211_ATTR_PAD))
21124 goto nla_put_failure;
21125
21126 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
21127 nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
21128 goto nla_put_failure;
21129
21130 genlmsg_end(msg, hdr);
21131
21132 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21133 NL80211_MCGRP_MLME, gfp);
21134 return;
21135
21136 nla_put_failure:
21137 nlmsg_free(msg);
21138 }
21139
cfg80211_assoc_comeback(struct net_device * netdev,const u8 * ap_addr,u32 timeout)21140 void cfg80211_assoc_comeback(struct net_device *netdev,
21141 const u8 *ap_addr, u32 timeout)
21142 {
21143 struct wireless_dev *wdev = netdev->ieee80211_ptr;
21144 struct wiphy *wiphy = wdev->wiphy;
21145 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21146 struct sk_buff *msg;
21147 void *hdr;
21148
21149 trace_cfg80211_assoc_comeback(wdev, ap_addr, timeout);
21150
21151 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
21152 if (!msg)
21153 return;
21154
21155 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ASSOC_COMEBACK);
21156 if (!hdr) {
21157 nlmsg_free(msg);
21158 return;
21159 }
21160
21161 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21162 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
21163 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ap_addr) ||
21164 nla_put_u32(msg, NL80211_ATTR_TIMEOUT, timeout))
21165 goto nla_put_failure;
21166
21167 genlmsg_end(msg, hdr);
21168
21169 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21170 NL80211_MCGRP_MLME, GFP_KERNEL);
21171 return;
21172
21173 nla_put_failure:
21174 nlmsg_free(msg);
21175 }
21176 EXPORT_SYMBOL(cfg80211_assoc_comeback);
21177
cfg80211_ready_on_channel(struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,unsigned int duration,gfp_t gfp)21178 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
21179 struct ieee80211_channel *chan,
21180 unsigned int duration, gfp_t gfp)
21181 {
21182 struct wiphy *wiphy = wdev->wiphy;
21183 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21184
21185 trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
21186 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
21187 rdev, wdev, cookie, chan,
21188 duration, gfp);
21189 }
21190 EXPORT_SYMBOL(cfg80211_ready_on_channel);
21191
cfg80211_remain_on_channel_expired(struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,gfp_t gfp)21192 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
21193 struct ieee80211_channel *chan,
21194 gfp_t gfp)
21195 {
21196 struct wiphy *wiphy = wdev->wiphy;
21197 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21198
21199 trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
21200 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
21201 rdev, wdev, cookie, chan, 0, gfp);
21202 }
21203 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
21204
cfg80211_tx_mgmt_expired(struct wireless_dev * wdev,u64 cookie,struct ieee80211_channel * chan,gfp_t gfp)21205 void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
21206 struct ieee80211_channel *chan,
21207 gfp_t gfp)
21208 {
21209 struct wiphy *wiphy = wdev->wiphy;
21210 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21211
21212 trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
21213 nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
21214 rdev, wdev, cookie, chan, 0, gfp);
21215 }
21216 EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
21217
cfg80211_new_sta(struct wireless_dev * wdev,const u8 * mac_addr,struct station_info * sinfo,gfp_t gfp)21218 void cfg80211_new_sta(struct wireless_dev *wdev, const u8 *mac_addr,
21219 struct station_info *sinfo, gfp_t gfp)
21220 {
21221 struct wiphy *wiphy = wdev->wiphy;
21222 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21223 struct sk_buff *msg;
21224
21225 trace_cfg80211_new_sta(wdev, mac_addr, sinfo);
21226
21227 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21228 if (!msg)
21229 return;
21230
21231 if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
21232 rdev, wdev, mac_addr, sinfo, false) < 0) {
21233 nlmsg_free(msg);
21234 return;
21235 }
21236
21237 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21238 NL80211_MCGRP_MLME, gfp);
21239 }
21240 EXPORT_SYMBOL(cfg80211_new_sta);
21241
cfg80211_del_sta_sinfo(struct wireless_dev * wdev,const u8 * mac_addr,struct station_info * sinfo,gfp_t gfp)21242 void cfg80211_del_sta_sinfo(struct wireless_dev *wdev, const u8 *mac_addr,
21243 struct station_info *sinfo, gfp_t gfp)
21244 {
21245 struct wiphy *wiphy = wdev->wiphy;
21246 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21247 struct sk_buff *msg;
21248 struct station_info empty_sinfo = {};
21249
21250 if (!sinfo)
21251 sinfo = &empty_sinfo;
21252
21253 trace_cfg80211_del_sta(wdev, mac_addr);
21254
21255 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21256 if (!msg) {
21257 cfg80211_sinfo_release_content(sinfo);
21258 return;
21259 }
21260
21261 if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
21262 rdev, wdev, mac_addr, sinfo, false) < 0) {
21263 nlmsg_free(msg);
21264 return;
21265 }
21266
21267 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21268 NL80211_MCGRP_MLME, gfp);
21269 }
21270 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
21271
cfg80211_conn_failed(struct net_device * dev,const u8 * mac_addr,enum nl80211_connect_failed_reason reason,gfp_t gfp)21272 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
21273 enum nl80211_connect_failed_reason reason,
21274 gfp_t gfp)
21275 {
21276 struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
21277 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21278 struct sk_buff *msg;
21279 void *hdr;
21280
21281 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
21282 if (!msg)
21283 return;
21284
21285 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
21286 if (!hdr) {
21287 nlmsg_free(msg);
21288 return;
21289 }
21290
21291 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
21292 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
21293 nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
21294 goto nla_put_failure;
21295
21296 genlmsg_end(msg, hdr);
21297
21298 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21299 NL80211_MCGRP_MLME, gfp);
21300 return;
21301
21302 nla_put_failure:
21303 nlmsg_free(msg);
21304 }
21305 EXPORT_SYMBOL(cfg80211_conn_failed);
21306
__nl80211_unexpected_frame(struct net_device * dev,u8 cmd,const u8 * addr,int link_id,gfp_t gfp)21307 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
21308 const u8 *addr, int link_id, gfp_t gfp)
21309 {
21310 struct wireless_dev *wdev = dev->ieee80211_ptr;
21311 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
21312 struct sk_buff *msg;
21313 void *hdr;
21314 u32 nlportid = READ_ONCE(wdev->unexpected_nlportid);
21315
21316 if (!nlportid)
21317 return false;
21318
21319 msg = nlmsg_new(100, gfp);
21320 if (!msg)
21321 return true;
21322
21323 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
21324 if (!hdr) {
21325 nlmsg_free(msg);
21326 return true;
21327 }
21328
21329 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21330 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
21331 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
21332 (link_id >= 0 &&
21333 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)))
21334 goto nla_put_failure;
21335
21336 genlmsg_end(msg, hdr);
21337 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
21338 return true;
21339
21340 nla_put_failure:
21341 nlmsg_free(msg);
21342 return true;
21343 }
21344
cfg80211_rx_spurious_frame(struct net_device * dev,const u8 * addr,int link_id,gfp_t gfp)21345 bool cfg80211_rx_spurious_frame(struct net_device *dev, const u8 *addr,
21346 int link_id, gfp_t gfp)
21347 {
21348 struct wireless_dev *wdev = dev->ieee80211_ptr;
21349 bool ret;
21350
21351 trace_cfg80211_rx_spurious_frame(dev, addr, link_id);
21352
21353 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
21354 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
21355 wdev->iftype != NL80211_IFTYPE_NAN_DATA)) {
21356 trace_cfg80211_return_bool(false);
21357 return false;
21358 }
21359 ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
21360 addr, link_id, gfp);
21361 trace_cfg80211_return_bool(ret);
21362 return ret;
21363 }
21364 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
21365
cfg80211_rx_unexpected_4addr_frame(struct net_device * dev,const u8 * addr,int link_id,gfp_t gfp)21366 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev, const u8 *addr,
21367 int link_id, gfp_t gfp)
21368 {
21369 struct wireless_dev *wdev = dev->ieee80211_ptr;
21370 bool ret;
21371
21372 trace_cfg80211_rx_unexpected_4addr_frame(dev, addr, link_id);
21373
21374 if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
21375 wdev->iftype != NL80211_IFTYPE_P2P_GO &&
21376 wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
21377 trace_cfg80211_return_bool(false);
21378 return false;
21379 }
21380 ret = __nl80211_unexpected_frame(dev,
21381 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
21382 addr, link_id, gfp);
21383 trace_cfg80211_return_bool(ret);
21384 return ret;
21385 }
21386 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
21387
nl80211_send_mgmt(struct cfg80211_registered_device * rdev,struct wireless_dev * wdev,u32 nlportid,struct cfg80211_rx_info * info,gfp_t gfp)21388 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
21389 struct wireless_dev *wdev, u32 nlportid,
21390 struct cfg80211_rx_info *info, gfp_t gfp)
21391 {
21392 struct net_device *netdev = wdev->netdev;
21393 struct sk_buff *msg;
21394 void *hdr;
21395
21396 msg = nlmsg_new(100 + info->len, gfp);
21397 if (!msg)
21398 return -ENOMEM;
21399
21400 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
21401 if (!hdr) {
21402 nlmsg_free(msg);
21403 return -ENOMEM;
21404 }
21405
21406 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21407 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
21408 netdev->ifindex)) ||
21409 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
21410 NL80211_ATTR_PAD) ||
21411 (info->have_link_id &&
21412 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, info->link_id)) ||
21413 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, KHZ_TO_MHZ(info->freq)) ||
21414 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, info->freq % 1000) ||
21415 (info->sig_dbm &&
21416 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, info->sig_dbm)) ||
21417 nla_put(msg, NL80211_ATTR_FRAME, info->len, info->buf) ||
21418 (info->flags &&
21419 nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, info->flags)) ||
21420 (info->rx_tstamp && nla_put_u64_64bit(msg,
21421 NL80211_ATTR_RX_HW_TIMESTAMP,
21422 info->rx_tstamp,
21423 NL80211_ATTR_PAD)) ||
21424 (info->ack_tstamp && nla_put_u64_64bit(msg,
21425 NL80211_ATTR_TX_HW_TIMESTAMP,
21426 info->ack_tstamp,
21427 NL80211_ATTR_PAD)))
21428 goto nla_put_failure;
21429
21430 genlmsg_end(msg, hdr);
21431
21432 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
21433
21434 nla_put_failure:
21435 nlmsg_free(msg);
21436 return -ENOBUFS;
21437 }
21438
nl80211_frame_tx_status(struct wireless_dev * wdev,struct cfg80211_tx_status * status,gfp_t gfp,enum nl80211_commands command)21439 static void nl80211_frame_tx_status(struct wireless_dev *wdev,
21440 struct cfg80211_tx_status *status,
21441 gfp_t gfp, enum nl80211_commands command)
21442 {
21443 struct wiphy *wiphy = wdev->wiphy;
21444 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21445 struct net_device *netdev = wdev->netdev;
21446 struct sk_buff *msg;
21447 void *hdr;
21448
21449 if (command == NL80211_CMD_FRAME_TX_STATUS)
21450 trace_cfg80211_mgmt_tx_status(wdev, status->cookie,
21451 status->ack);
21452 else
21453 trace_cfg80211_control_port_tx_status(wdev, status->cookie,
21454 status->ack);
21455
21456 msg = nlmsg_new(100 + status->len, gfp);
21457 if (!msg)
21458 return;
21459
21460 hdr = nl80211hdr_put(msg, 0, 0, 0, command);
21461 if (!hdr) {
21462 nlmsg_free(msg);
21463 return;
21464 }
21465
21466 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21467 (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
21468 netdev->ifindex)) ||
21469 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
21470 NL80211_ATTR_PAD) ||
21471 nla_put(msg, NL80211_ATTR_FRAME, status->len, status->buf) ||
21472 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, status->cookie,
21473 NL80211_ATTR_PAD) ||
21474 (status->ack && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
21475 (status->tx_tstamp &&
21476 nla_put_u64_64bit(msg, NL80211_ATTR_TX_HW_TIMESTAMP,
21477 status->tx_tstamp, NL80211_ATTR_PAD)) ||
21478 (status->ack_tstamp &&
21479 nla_put_u64_64bit(msg, NL80211_ATTR_RX_HW_TIMESTAMP,
21480 status->ack_tstamp, NL80211_ATTR_PAD)))
21481 goto nla_put_failure;
21482
21483 genlmsg_end(msg, hdr);
21484
21485 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21486 NL80211_MCGRP_MLME, gfp);
21487 return;
21488
21489 nla_put_failure:
21490 nlmsg_free(msg);
21491 }
21492
cfg80211_control_port_tx_status(struct wireless_dev * wdev,u64 cookie,const u8 * buf,size_t len,bool ack,gfp_t gfp)21493 void cfg80211_control_port_tx_status(struct wireless_dev *wdev, u64 cookie,
21494 const u8 *buf, size_t len, bool ack,
21495 gfp_t gfp)
21496 {
21497 struct cfg80211_tx_status status = {
21498 .cookie = cookie,
21499 .buf = buf,
21500 .len = len,
21501 .ack = ack
21502 };
21503
21504 nl80211_frame_tx_status(wdev, &status, gfp,
21505 NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS);
21506 }
21507 EXPORT_SYMBOL(cfg80211_control_port_tx_status);
21508
cfg80211_mgmt_tx_status_ext(struct wireless_dev * wdev,struct cfg80211_tx_status * status,gfp_t gfp)21509 void cfg80211_mgmt_tx_status_ext(struct wireless_dev *wdev,
21510 struct cfg80211_tx_status *status, gfp_t gfp)
21511 {
21512 nl80211_frame_tx_status(wdev, status, gfp, NL80211_CMD_FRAME_TX_STATUS);
21513 }
21514 EXPORT_SYMBOL(cfg80211_mgmt_tx_status_ext);
21515
__nl80211_rx_control_port(struct net_device * dev,struct sk_buff * skb,bool unencrypted,int link_id,gfp_t gfp)21516 static int __nl80211_rx_control_port(struct net_device *dev,
21517 struct sk_buff *skb,
21518 bool unencrypted,
21519 int link_id,
21520 gfp_t gfp)
21521 {
21522 struct wireless_dev *wdev = dev->ieee80211_ptr;
21523 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
21524 struct ethhdr *ehdr = eth_hdr(skb);
21525 const u8 *addr = ehdr->h_source;
21526 u16 proto = be16_to_cpu(skb->protocol);
21527 struct sk_buff *msg;
21528 void *hdr;
21529 struct nlattr *frame;
21530
21531 u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
21532
21533 if (!nlportid)
21534 return -ENOENT;
21535
21536 msg = nlmsg_new(100 + skb->len, gfp);
21537 if (!msg)
21538 return -ENOMEM;
21539
21540 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
21541 if (!hdr) {
21542 nlmsg_free(msg);
21543 return -ENOBUFS;
21544 }
21545
21546 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21547 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
21548 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
21549 NL80211_ATTR_PAD) ||
21550 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
21551 nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
21552 (link_id >= 0 &&
21553 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) ||
21554 (unencrypted && nla_put_flag(msg,
21555 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
21556 goto nla_put_failure;
21557
21558 frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
21559 if (!frame)
21560 goto nla_put_failure;
21561
21562 skb_copy_bits(skb, 0, nla_data(frame), skb->len);
21563 genlmsg_end(msg, hdr);
21564
21565 return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
21566
21567 nla_put_failure:
21568 nlmsg_free(msg);
21569 return -ENOBUFS;
21570 }
21571
cfg80211_rx_control_port(struct net_device * dev,struct sk_buff * skb,bool unencrypted,int link_id)21572 bool cfg80211_rx_control_port(struct net_device *dev, struct sk_buff *skb,
21573 bool unencrypted, int link_id)
21574 {
21575 int ret;
21576
21577 trace_cfg80211_rx_control_port(dev, skb, unencrypted, link_id);
21578 ret = __nl80211_rx_control_port(dev, skb, unencrypted, link_id,
21579 GFP_ATOMIC);
21580 trace_cfg80211_return_bool(ret == 0);
21581 return ret == 0;
21582 }
21583 EXPORT_SYMBOL(cfg80211_rx_control_port);
21584
cfg80211_prepare_cqm(struct net_device * dev,const char * mac,gfp_t gfp)21585 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
21586 const char *mac, gfp_t gfp)
21587 {
21588 struct wireless_dev *wdev = dev->ieee80211_ptr;
21589 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
21590 struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21591 void **cb;
21592
21593 if (!msg)
21594 return NULL;
21595
21596 cb = (void **)msg->cb;
21597
21598 cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
21599 if (!cb[0]) {
21600 nlmsg_free(msg);
21601 return NULL;
21602 }
21603
21604 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21605 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
21606 goto nla_put_failure;
21607
21608 if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
21609 goto nla_put_failure;
21610
21611 cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
21612 if (!cb[1])
21613 goto nla_put_failure;
21614
21615 cb[2] = rdev;
21616
21617 return msg;
21618 nla_put_failure:
21619 nlmsg_free(msg);
21620 return NULL;
21621 }
21622
cfg80211_send_cqm(struct sk_buff * msg,gfp_t gfp)21623 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
21624 {
21625 void **cb = (void **)msg->cb;
21626 struct cfg80211_registered_device *rdev = cb[2];
21627
21628 nla_nest_end(msg, cb[1]);
21629 genlmsg_end(msg, cb[0]);
21630
21631 memset(msg->cb, 0, sizeof(msg->cb));
21632
21633 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21634 NL80211_MCGRP_MLME, gfp);
21635 }
21636
cfg80211_cqm_rssi_notify(struct net_device * dev,enum nl80211_cqm_rssi_threshold_event rssi_event,s32 rssi_level,gfp_t gfp)21637 void cfg80211_cqm_rssi_notify(struct net_device *dev,
21638 enum nl80211_cqm_rssi_threshold_event rssi_event,
21639 s32 rssi_level, gfp_t gfp)
21640 {
21641 struct wireless_dev *wdev = dev->ieee80211_ptr;
21642 struct cfg80211_cqm_config *cqm_config;
21643
21644 trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
21645
21646 if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
21647 rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
21648 return;
21649
21650 rcu_read_lock();
21651 cqm_config = rcu_dereference(wdev->cqm_config);
21652 if (cqm_config) {
21653 cqm_config->last_rssi_event_value = rssi_level;
21654 cqm_config->last_rssi_event_type = rssi_event;
21655 wiphy_work_queue(wdev->wiphy, &wdev->cqm_rssi_work);
21656 }
21657 rcu_read_unlock();
21658 }
21659 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
21660
cfg80211_cqm_rssi_notify_work(struct wiphy * wiphy,struct wiphy_work * work)21661 void cfg80211_cqm_rssi_notify_work(struct wiphy *wiphy, struct wiphy_work *work)
21662 {
21663 struct wireless_dev *wdev = container_of(work, struct wireless_dev,
21664 cqm_rssi_work);
21665 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21666 enum nl80211_cqm_rssi_threshold_event rssi_event;
21667 struct cfg80211_cqm_config *cqm_config;
21668 struct sk_buff *msg;
21669 s32 rssi_level;
21670
21671 cqm_config = wiphy_dereference(wdev->wiphy, wdev->cqm_config);
21672 if (!cqm_config)
21673 return;
21674
21675 if (cqm_config->use_range_api)
21676 cfg80211_cqm_rssi_update(rdev, wdev->netdev, cqm_config);
21677
21678 rssi_level = cqm_config->last_rssi_event_value;
21679 rssi_event = cqm_config->last_rssi_event_type;
21680
21681 msg = cfg80211_prepare_cqm(wdev->netdev, NULL, GFP_KERNEL);
21682 if (!msg)
21683 return;
21684
21685 if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
21686 rssi_event))
21687 goto nla_put_failure;
21688
21689 if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
21690 rssi_level))
21691 goto nla_put_failure;
21692
21693 cfg80211_send_cqm(msg, GFP_KERNEL);
21694
21695 return;
21696
21697 nla_put_failure:
21698 nlmsg_free(msg);
21699 }
21700
cfg80211_cqm_txe_notify(struct net_device * dev,const u8 * peer,u32 num_packets,u32 rate,u32 intvl,gfp_t gfp)21701 void cfg80211_cqm_txe_notify(struct net_device *dev,
21702 const u8 *peer, u32 num_packets,
21703 u32 rate, u32 intvl, gfp_t gfp)
21704 {
21705 struct sk_buff *msg;
21706
21707 msg = cfg80211_prepare_cqm(dev, peer, gfp);
21708 if (!msg)
21709 return;
21710
21711 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
21712 goto nla_put_failure;
21713
21714 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
21715 goto nla_put_failure;
21716
21717 if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
21718 goto nla_put_failure;
21719
21720 cfg80211_send_cqm(msg, gfp);
21721 return;
21722
21723 nla_put_failure:
21724 nlmsg_free(msg);
21725 }
21726 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
21727
cfg80211_cqm_pktloss_notify(struct net_device * dev,const u8 * peer,u32 num_packets,gfp_t gfp)21728 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
21729 const u8 *peer, u32 num_packets, gfp_t gfp)
21730 {
21731 struct sk_buff *msg;
21732
21733 trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
21734
21735 msg = cfg80211_prepare_cqm(dev, peer, gfp);
21736 if (!msg)
21737 return;
21738
21739 if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
21740 goto nla_put_failure;
21741
21742 cfg80211_send_cqm(msg, gfp);
21743 return;
21744
21745 nla_put_failure:
21746 nlmsg_free(msg);
21747 }
21748 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
21749
cfg80211_cqm_beacon_loss_notify(struct net_device * dev,gfp_t gfp)21750 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
21751 {
21752 struct sk_buff *msg;
21753
21754 msg = cfg80211_prepare_cqm(dev, NULL, gfp);
21755 if (!msg)
21756 return;
21757
21758 if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
21759 goto nla_put_failure;
21760
21761 cfg80211_send_cqm(msg, gfp);
21762 return;
21763
21764 nla_put_failure:
21765 nlmsg_free(msg);
21766 }
21767 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
21768
nl80211_gtk_rekey_notify(struct cfg80211_registered_device * rdev,struct net_device * netdev,const u8 * bssid,const u8 * replay_ctr,gfp_t gfp)21769 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
21770 struct net_device *netdev, const u8 *bssid,
21771 const u8 *replay_ctr, gfp_t gfp)
21772 {
21773 struct sk_buff *msg;
21774 struct nlattr *rekey_attr;
21775 void *hdr;
21776
21777 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21778 if (!msg)
21779 return;
21780
21781 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
21782 if (!hdr) {
21783 nlmsg_free(msg);
21784 return;
21785 }
21786
21787 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21788 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
21789 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
21790 goto nla_put_failure;
21791
21792 rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
21793 if (!rekey_attr)
21794 goto nla_put_failure;
21795
21796 if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
21797 NL80211_REPLAY_CTR_LEN, replay_ctr))
21798 goto nla_put_failure;
21799
21800 nla_nest_end(msg, rekey_attr);
21801
21802 genlmsg_end(msg, hdr);
21803
21804 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21805 NL80211_MCGRP_MLME, gfp);
21806 return;
21807
21808 nla_put_failure:
21809 nlmsg_free(msg);
21810 }
21811
cfg80211_gtk_rekey_notify(struct net_device * dev,const u8 * bssid,const u8 * replay_ctr,gfp_t gfp)21812 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
21813 const u8 *replay_ctr, gfp_t gfp)
21814 {
21815 struct wireless_dev *wdev = dev->ieee80211_ptr;
21816 struct wiphy *wiphy = wdev->wiphy;
21817 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21818
21819 trace_cfg80211_gtk_rekey_notify(dev, bssid);
21820 nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
21821 }
21822 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
21823
21824 static void
nl80211_pmksa_candidate_notify(struct cfg80211_registered_device * rdev,struct net_device * netdev,int index,const u8 * bssid,bool preauth,gfp_t gfp)21825 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
21826 struct net_device *netdev, int index,
21827 const u8 *bssid, bool preauth, gfp_t gfp)
21828 {
21829 struct sk_buff *msg;
21830 struct nlattr *attr;
21831 void *hdr;
21832
21833 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21834 if (!msg)
21835 return;
21836
21837 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
21838 if (!hdr) {
21839 nlmsg_free(msg);
21840 return;
21841 }
21842
21843 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
21844 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
21845 goto nla_put_failure;
21846
21847 attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
21848 if (!attr)
21849 goto nla_put_failure;
21850
21851 if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
21852 nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
21853 (preauth &&
21854 nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
21855 goto nla_put_failure;
21856
21857 nla_nest_end(msg, attr);
21858
21859 genlmsg_end(msg, hdr);
21860
21861 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21862 NL80211_MCGRP_MLME, gfp);
21863 return;
21864
21865 nla_put_failure:
21866 nlmsg_free(msg);
21867 }
21868
cfg80211_pmksa_candidate_notify(struct net_device * dev,int index,const u8 * bssid,bool preauth,gfp_t gfp)21869 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
21870 const u8 *bssid, bool preauth, gfp_t gfp)
21871 {
21872 struct wireless_dev *wdev = dev->ieee80211_ptr;
21873 struct wiphy *wiphy = wdev->wiphy;
21874 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21875
21876 trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
21877 nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
21878 }
21879 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
21880
nl80211_ch_switch_notify(struct cfg80211_registered_device * rdev,struct net_device * netdev,unsigned int link_id,struct cfg80211_chan_def * chandef,gfp_t gfp,enum nl80211_commands notif,u8 count,bool quiet)21881 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
21882 struct net_device *netdev,
21883 unsigned int link_id,
21884 struct cfg80211_chan_def *chandef,
21885 gfp_t gfp,
21886 enum nl80211_commands notif,
21887 u8 count, bool quiet)
21888 {
21889 struct wireless_dev *wdev = netdev->ieee80211_ptr;
21890 struct sk_buff *msg;
21891 void *hdr;
21892
21893 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21894 if (!msg)
21895 return;
21896
21897 hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
21898 if (!hdr) {
21899 nlmsg_free(msg);
21900 return;
21901 }
21902
21903 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
21904 goto nla_put_failure;
21905
21906 if (wdev->valid_links &&
21907 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
21908 goto nla_put_failure;
21909
21910 if (nl80211_send_chandef(msg, chandef))
21911 goto nla_put_failure;
21912
21913 if (notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) {
21914 if (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count))
21915 goto nla_put_failure;
21916 if (quiet &&
21917 nla_put_flag(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX))
21918 goto nla_put_failure;
21919 }
21920
21921 genlmsg_end(msg, hdr);
21922
21923 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
21924 NL80211_MCGRP_MLME, gfp);
21925 return;
21926
21927 nla_put_failure:
21928 nlmsg_free(msg);
21929 }
21930
cfg80211_ch_switch_notify(struct net_device * dev,struct cfg80211_chan_def * chandef,unsigned int link_id)21931 void cfg80211_ch_switch_notify(struct net_device *dev,
21932 struct cfg80211_chan_def *chandef,
21933 unsigned int link_id)
21934 {
21935 struct wireless_dev *wdev = dev->ieee80211_ptr;
21936 struct wiphy *wiphy = wdev->wiphy;
21937 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21938
21939 lockdep_assert_wiphy(wdev->wiphy);
21940 WARN_INVALID_LINK_ID(wdev, link_id);
21941
21942 trace_cfg80211_ch_switch_notify(dev, chandef, link_id);
21943
21944 switch (wdev->iftype) {
21945 case NL80211_IFTYPE_STATION:
21946 case NL80211_IFTYPE_P2P_CLIENT:
21947 if (!WARN_ON(!wdev->links[link_id].client.current_bss))
21948 cfg80211_update_assoc_bss_entry(wdev, link_id,
21949 chandef->chan);
21950 break;
21951 case NL80211_IFTYPE_MESH_POINT:
21952 wdev->u.mesh.chandef = *chandef;
21953 wdev->u.mesh.preset_chandef = *chandef;
21954 break;
21955 case NL80211_IFTYPE_AP:
21956 case NL80211_IFTYPE_P2P_GO:
21957 wdev->links[link_id].ap.chandef = *chandef;
21958 break;
21959 case NL80211_IFTYPE_ADHOC:
21960 wdev->u.ibss.chandef = *chandef;
21961 break;
21962 default:
21963 WARN_ON(1);
21964 break;
21965 }
21966
21967 cfg80211_schedule_channels_check(wdev);
21968 cfg80211_sched_dfs_chan_update(rdev);
21969
21970 nl80211_ch_switch_notify(rdev, dev, link_id, chandef, GFP_KERNEL,
21971 NL80211_CMD_CH_SWITCH_NOTIFY, 0, false);
21972 }
21973 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
21974
cfg80211_incumbent_signal_notify(struct wiphy * wiphy,const struct cfg80211_chan_def * chandef,u32 signal_interference_bitmap,gfp_t gfp)21975 void cfg80211_incumbent_signal_notify(struct wiphy *wiphy,
21976 const struct cfg80211_chan_def *chandef,
21977 u32 signal_interference_bitmap,
21978 gfp_t gfp)
21979 {
21980 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
21981 struct sk_buff *msg;
21982 void *hdr;
21983
21984 trace_cfg80211_incumbent_signal_notify(wiphy, chandef, signal_interference_bitmap);
21985
21986 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
21987 if (!msg)
21988 return;
21989
21990 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_INCUMBENT_SIGNAL_DETECT);
21991 if (!hdr)
21992 goto nla_put_failure;
21993
21994 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
21995 goto nla_put_failure;
21996
21997 if (nl80211_send_chandef(msg, chandef))
21998 goto nla_put_failure;
21999
22000 if (nla_put_u32(msg, NL80211_ATTR_INCUMBENT_SIGNAL_INTERFERENCE_BITMAP,
22001 signal_interference_bitmap))
22002 goto nla_put_failure;
22003
22004 genlmsg_end(msg, hdr);
22005
22006 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
22007 NL80211_MCGRP_MLME, gfp);
22008 return;
22009
22010 nla_put_failure:
22011 nlmsg_free(msg);
22012 }
22013 EXPORT_SYMBOL(cfg80211_incumbent_signal_notify);
22014
cfg80211_ch_switch_started_notify(struct net_device * dev,struct cfg80211_chan_def * chandef,unsigned int link_id,u8 count,bool quiet)22015 void cfg80211_ch_switch_started_notify(struct net_device *dev,
22016 struct cfg80211_chan_def *chandef,
22017 unsigned int link_id, u8 count,
22018 bool quiet)
22019 {
22020 struct wireless_dev *wdev = dev->ieee80211_ptr;
22021 struct wiphy *wiphy = wdev->wiphy;
22022 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
22023
22024 lockdep_assert_wiphy(wdev->wiphy);
22025 WARN_INVALID_LINK_ID(wdev, link_id);
22026
22027 trace_cfg80211_ch_switch_started_notify(dev, chandef, link_id);
22028
22029
22030 nl80211_ch_switch_notify(rdev, dev, link_id, chandef, GFP_KERNEL,
22031 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY,
22032 count, quiet);
22033 }
22034 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
22035
cfg80211_bss_color_notify(struct net_device * dev,enum nl80211_commands cmd,u8 count,u64 color_bitmap,u8 link_id)22036 int cfg80211_bss_color_notify(struct net_device *dev,
22037 enum nl80211_commands cmd, u8 count,
22038 u64 color_bitmap, u8 link_id)
22039 {
22040 struct wireless_dev *wdev = dev->ieee80211_ptr;
22041 struct wiphy *wiphy = wdev->wiphy;
22042 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
22043 struct sk_buff *msg;
22044 void *hdr;
22045
22046 lockdep_assert_wiphy(wdev->wiphy);
22047
22048 trace_cfg80211_bss_color_notify(dev, cmd, count, color_bitmap);
22049
22050 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
22051 if (!msg)
22052 return -ENOMEM;
22053
22054 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
22055 if (!hdr)
22056 goto nla_put_failure;
22057
22058 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
22059 goto nla_put_failure;
22060
22061 if (wdev->valid_links &&
22062 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id))
22063 goto nla_put_failure;
22064
22065 if (cmd == NL80211_CMD_COLOR_CHANGE_STARTED &&
22066 nla_put_u32(msg, NL80211_ATTR_COLOR_CHANGE_COUNT, count))
22067 goto nla_put_failure;
22068
22069 if (cmd == NL80211_CMD_OBSS_COLOR_COLLISION &&
22070 nla_put_u64_64bit(msg, NL80211_ATTR_OBSS_COLOR_BITMAP,
22071 color_bitmap, NL80211_ATTR_PAD))
22072 goto nla_put_failure;
22073
22074 genlmsg_end(msg, hdr);
22075
22076 return genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
22077 msg, 0, NL80211_MCGRP_MLME, GFP_KERNEL);
22078
22079 nla_put_failure:
22080 nlmsg_free(msg);
22081 return -EINVAL;
22082 }
22083 EXPORT_SYMBOL(cfg80211_bss_color_notify);
22084
22085 void
nl80211_radar_notify(struct cfg80211_registered_device * rdev,const struct cfg80211_chan_def * chandef,enum nl80211_radar_event event,struct net_device * netdev,gfp_t gfp)22086 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
22087 const struct cfg80211_chan_def *chandef,
22088 enum nl80211_radar_event event,
22089 struct net_device *netdev, gfp_t gfp)
22090 {
22091 struct sk_buff *msg;
22092 void *hdr;
22093
22094 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
22095 if (!msg)
22096 return;
22097
22098 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
22099 if (!hdr) {
22100 nlmsg_free(msg);
22101 return;
22102 }
22103
22104 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
22105 goto nla_put_failure;
22106
22107 /* NOP and radar events don't need a netdev parameter */
22108 if (netdev) {
22109 struct wireless_dev *wdev = netdev->ieee80211_ptr;
22110
22111 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
22112 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
22113 NL80211_ATTR_PAD))
22114 goto nla_put_failure;
22115 }
22116
22117 if (rdev->background_radar_wdev &&
22118 cfg80211_chandef_identical(&rdev->background_radar_chandef,
22119 chandef)) {
22120 if (nla_put_flag(msg, NL80211_ATTR_RADAR_BACKGROUND))
22121 goto nla_put_failure;
22122 }
22123
22124 if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
22125 goto nla_put_failure;
22126
22127 if (nl80211_send_chandef(msg, chandef))
22128 goto nla_put_failure;
22129
22130 genlmsg_end(msg, hdr);
22131
22132 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
22133 NL80211_MCGRP_MLME, gfp);
22134 return;
22135
22136 nla_put_failure:
22137 nlmsg_free(msg);
22138 }
22139
cfg80211_sta_opmode_change_notify(struct net_device * dev,const u8 * mac,struct sta_opmode_info * sta_opmode,gfp_t gfp)22140 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
22141 struct sta_opmode_info *sta_opmode,
22142 gfp_t gfp)
22143 {
22144 struct sk_buff *msg;
22145 struct wireless_dev *wdev = dev->ieee80211_ptr;
22146 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
22147 void *hdr;
22148
22149 if (WARN_ON(!mac))
22150 return;
22151
22152 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
22153 if (!msg)
22154 return;
22155
22156 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
22157 if (!hdr) {
22158 nlmsg_free(msg);
22159 return;
22160 }
22161
22162 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
22163 goto nla_put_failure;
22164
22165 if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
22166 goto nla_put_failure;
22167
22168 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
22169 goto nla_put_failure;
22170
22171 if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
22172 nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
22173 goto nla_put_failure;
22174
22175 if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
22176 nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
22177 goto nla_put_failure;
22178
22179 if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
22180 nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
22181 goto nla_put_failure;
22182
22183 genlmsg_end(msg, hdr);
22184
22185 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
22186 NL80211_MCGRP_MLME, gfp);
22187
22188 return;
22189
22190 nla_put_failure:
22191 nlmsg_free(msg);
22192 }
22193 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
22194
cfg80211_probe_status(struct net_device * dev,const u8 * addr,u64 cookie,bool acked,s32 ack_signal,bool is_valid_ack_signal,gfp_t gfp)22195 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
22196 u64 cookie, bool acked, s32 ack_signal,
22197 bool is_valid_ack_signal, gfp_t gfp)
22198 {
22199 struct wireless_dev *wdev = dev->ieee80211_ptr;
22200 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
22201 struct sk_buff *msg;
22202 void *hdr;
22203
22204 trace_cfg80211_probe_status(dev, addr, cookie, acked);
22205
22206 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
22207
22208 if (!msg)
22209 return;
22210
22211 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
22212 if (!hdr) {
22213 nlmsg_free(msg);
22214 return;
22215 }
22216
22217 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
22218 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
22219 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
22220 nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
22221 NL80211_ATTR_PAD) ||
22222 (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
22223 (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
22224 ack_signal)))
22225 goto nla_put_failure;
22226
22227 genlmsg_end(msg, hdr);
22228
22229 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
22230 NL80211_MCGRP_MLME, gfp);
22231 return;
22232
22233 nla_put_failure:
22234 nlmsg_free(msg);
22235 }
22236 EXPORT_SYMBOL(cfg80211_probe_status);
22237
cfg80211_report_obss_beacon_khz(struct wiphy * wiphy,const u8 * frame,size_t len,int freq,int sig_dbm)22238 void cfg80211_report_obss_beacon_khz(struct wiphy *wiphy, const u8 *frame,
22239 size_t len, int freq, int sig_dbm)
22240 {
22241 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
22242 struct sk_buff *msg;
22243 void *hdr;
22244 struct cfg80211_beacon_registration *reg;
22245
22246 trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
22247
22248 spin_lock_bh(&rdev->beacon_registrations_lock);
22249 list_for_each_entry(reg, &rdev->beacon_registrations, list) {
22250 msg = nlmsg_new(len + 100, GFP_ATOMIC);
22251 if (!msg) {
22252 spin_unlock_bh(&rdev->beacon_registrations_lock);
22253 return;
22254 }
22255
22256 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
22257 if (!hdr)
22258 goto nla_put_failure;
22259
22260 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
22261 (freq &&
22262 (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
22263 KHZ_TO_MHZ(freq)) ||
22264 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
22265 freq % 1000))) ||
22266 (sig_dbm &&
22267 nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
22268 nla_put(msg, NL80211_ATTR_FRAME, len, frame))
22269 goto nla_put_failure;
22270
22271 genlmsg_end(msg, hdr);
22272
22273 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
22274 }
22275 spin_unlock_bh(&rdev->beacon_registrations_lock);
22276 return;
22277
22278 nla_put_failure:
22279 spin_unlock_bh(&rdev->beacon_registrations_lock);
22280 nlmsg_free(msg);
22281 }
22282 EXPORT_SYMBOL(cfg80211_report_obss_beacon_khz);
22283
22284 #ifdef CONFIG_PM
cfg80211_net_detect_results(struct sk_buff * msg,struct cfg80211_wowlan_wakeup * wakeup)22285 static int cfg80211_net_detect_results(struct sk_buff *msg,
22286 struct cfg80211_wowlan_wakeup *wakeup)
22287 {
22288 struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
22289 struct nlattr *nl_results, *nl_match, *nl_freqs;
22290 int i, j;
22291
22292 nl_results = nla_nest_start_noflag(msg,
22293 NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
22294 if (!nl_results)
22295 return -EMSGSIZE;
22296
22297 for (i = 0; i < nd->n_matches; i++) {
22298 struct cfg80211_wowlan_nd_match *match = nd->matches[i];
22299
22300 nl_match = nla_nest_start_noflag(msg, i);
22301 if (!nl_match)
22302 break;
22303
22304 /* The SSID attribute is optional in nl80211, but for
22305 * simplicity reasons it's always present in the
22306 * cfg80211 structure. If a driver can't pass the
22307 * SSID, that needs to be changed. A zero length SSID
22308 * is still a valid SSID (wildcard), so it cannot be
22309 * used for this purpose.
22310 */
22311 if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
22312 match->ssid.ssid)) {
22313 nla_nest_cancel(msg, nl_match);
22314 goto out;
22315 }
22316
22317 if (match->n_channels) {
22318 nl_freqs = nla_nest_start_noflag(msg,
22319 NL80211_ATTR_SCAN_FREQUENCIES);
22320 if (!nl_freqs) {
22321 nla_nest_cancel(msg, nl_match);
22322 goto out;
22323 }
22324
22325 for (j = 0; j < match->n_channels; j++) {
22326 if (nla_put_u32(msg, j, match->channels[j])) {
22327 nla_nest_cancel(msg, nl_freqs);
22328 nla_nest_cancel(msg, nl_match);
22329 goto out;
22330 }
22331 }
22332
22333 nla_nest_end(msg, nl_freqs);
22334 }
22335
22336 nla_nest_end(msg, nl_match);
22337 }
22338
22339 out:
22340 nla_nest_end(msg, nl_results);
22341 return 0;
22342 }
22343
cfg80211_report_wowlan_wakeup(struct wireless_dev * wdev,struct cfg80211_wowlan_wakeup * wakeup,gfp_t gfp)22344 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
22345 struct cfg80211_wowlan_wakeup *wakeup,
22346 gfp_t gfp)
22347 {
22348 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
22349 struct sk_buff *msg;
22350 void *hdr;
22351 int size = 200;
22352
22353 trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
22354
22355 if (wakeup)
22356 size += wakeup->packet_present_len;
22357
22358 msg = nlmsg_new(size, gfp);
22359 if (!msg)
22360 return;
22361
22362 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
22363 if (!hdr)
22364 goto free_msg;
22365
22366 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
22367 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
22368 NL80211_ATTR_PAD))
22369 goto free_msg;
22370
22371 if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
22372 wdev->netdev->ifindex))
22373 goto free_msg;
22374
22375 if (wakeup) {
22376 struct nlattr *reasons;
22377
22378 reasons = nla_nest_start_noflag(msg,
22379 NL80211_ATTR_WOWLAN_TRIGGERS);
22380 if (!reasons)
22381 goto free_msg;
22382
22383 if (wakeup->disconnect &&
22384 nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
22385 goto free_msg;
22386 if (wakeup->magic_pkt &&
22387 nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
22388 goto free_msg;
22389 if (wakeup->gtk_rekey_failure &&
22390 nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
22391 goto free_msg;
22392 if (wakeup->eap_identity_req &&
22393 nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
22394 goto free_msg;
22395 if (wakeup->four_way_handshake &&
22396 nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
22397 goto free_msg;
22398 if (wakeup->rfkill_release &&
22399 nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
22400 goto free_msg;
22401
22402 if (wakeup->pattern_idx >= 0 &&
22403 nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
22404 wakeup->pattern_idx))
22405 goto free_msg;
22406
22407 if (wakeup->tcp_match &&
22408 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
22409 goto free_msg;
22410
22411 if (wakeup->tcp_connlost &&
22412 nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
22413 goto free_msg;
22414
22415 if (wakeup->tcp_nomoretokens &&
22416 nla_put_flag(msg,
22417 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
22418 goto free_msg;
22419
22420 if (wakeup->unprot_deauth_disassoc &&
22421 nla_put_flag(msg,
22422 NL80211_WOWLAN_TRIG_UNPROTECTED_DEAUTH_DISASSOC))
22423 goto free_msg;
22424
22425 if (wakeup->packet) {
22426 u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
22427 u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
22428
22429 if (!wakeup->packet_80211) {
22430 pkt_attr =
22431 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
22432 len_attr =
22433 NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
22434 }
22435
22436 if (wakeup->packet_len &&
22437 nla_put_u32(msg, len_attr, wakeup->packet_len))
22438 goto free_msg;
22439
22440 if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
22441 wakeup->packet))
22442 goto free_msg;
22443 }
22444
22445 if (wakeup->net_detect &&
22446 cfg80211_net_detect_results(msg, wakeup))
22447 goto free_msg;
22448
22449 nla_nest_end(msg, reasons);
22450 }
22451
22452 genlmsg_end(msg, hdr);
22453
22454 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
22455 NL80211_MCGRP_MLME, gfp);
22456 return;
22457
22458 free_msg:
22459 nlmsg_free(msg);
22460 }
22461 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
22462 #endif
22463
cfg80211_tdls_oper_request(struct net_device * dev,const u8 * peer,enum nl80211_tdls_operation oper,u16 reason_code,gfp_t gfp)22464 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
22465 enum nl80211_tdls_operation oper,
22466 u16 reason_code, gfp_t gfp)
22467 {
22468 struct wireless_dev *wdev = dev->ieee80211_ptr;
22469 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
22470 struct sk_buff *msg;
22471 void *hdr;
22472
22473 trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
22474 reason_code);
22475
22476 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
22477 if (!msg)
22478 return;
22479
22480 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
22481 if (!hdr) {
22482 nlmsg_free(msg);
22483 return;
22484 }
22485
22486 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
22487 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
22488 nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
22489 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
22490 (reason_code > 0 &&
22491 nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
22492 goto nla_put_failure;
22493
22494 genlmsg_end(msg, hdr);
22495
22496 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
22497 NL80211_MCGRP_MLME, gfp);
22498 return;
22499
22500 nla_put_failure:
22501 nlmsg_free(msg);
22502 }
22503 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
22504
nl80211_netlink_notify(struct notifier_block * nb,unsigned long state,void * _notify)22505 static int nl80211_netlink_notify(struct notifier_block * nb,
22506 unsigned long state,
22507 void *_notify)
22508 {
22509 struct netlink_notify *notify = _notify;
22510 struct cfg80211_registered_device *rdev;
22511 struct wireless_dev *wdev;
22512 struct cfg80211_beacon_registration *reg, *tmp;
22513
22514 if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
22515 return NOTIFY_DONE;
22516
22517 rcu_read_lock();
22518
22519 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
22520 struct cfg80211_sched_scan_request *sched_scan_req;
22521
22522 list_for_each_entry_rcu(sched_scan_req,
22523 &rdev->sched_scan_req_list,
22524 list) {
22525 if (sched_scan_req->owner_nlportid == notify->portid) {
22526 sched_scan_req->nl_owner_dead = true;
22527 wiphy_work_queue(&rdev->wiphy,
22528 &rdev->sched_scan_stop_wk);
22529 }
22530 }
22531
22532 list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
22533 cfg80211_mlme_unregister_socket(wdev, notify->portid);
22534
22535 if (wdev->owner_nlportid == notify->portid) {
22536 wdev->nl_owner_dead = true;
22537 schedule_work(&rdev->destroy_work);
22538 } else if (wdev->conn_owner_nlportid == notify->portid) {
22539 schedule_work(&wdev->disconnect_wk);
22540 }
22541
22542 cfg80211_release_pmsr(wdev, notify->portid);
22543 }
22544
22545 spin_lock_bh(&rdev->beacon_registrations_lock);
22546 list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
22547 list) {
22548 if (reg->nlportid == notify->portid) {
22549 list_del(®->list);
22550 kfree(reg);
22551 break;
22552 }
22553 }
22554 spin_unlock_bh(&rdev->beacon_registrations_lock);
22555 }
22556
22557 rcu_read_unlock();
22558
22559 /*
22560 * It is possible that the user space process that is controlling the
22561 * indoor setting disappeared, so notify the regulatory core.
22562 */
22563 regulatory_netlink_notify(notify->portid);
22564 return NOTIFY_OK;
22565 }
22566
22567 static struct notifier_block nl80211_netlink_notifier = {
22568 .notifier_call = nl80211_netlink_notify,
22569 };
22570
cfg80211_ft_event(struct net_device * netdev,struct cfg80211_ft_event_params * ft_event)22571 void cfg80211_ft_event(struct net_device *netdev,
22572 struct cfg80211_ft_event_params *ft_event)
22573 {
22574 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
22575 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
22576 struct sk_buff *msg;
22577 void *hdr;
22578
22579 trace_cfg80211_ft_event(wiphy, netdev, ft_event);
22580
22581 if (!ft_event->target_ap)
22582 return;
22583
22584 msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
22585 GFP_KERNEL);
22586 if (!msg)
22587 return;
22588
22589 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
22590 if (!hdr)
22591 goto out;
22592
22593 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
22594 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
22595 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
22596 goto out;
22597
22598 if (ft_event->ies &&
22599 nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
22600 goto out;
22601 if (ft_event->ric_ies &&
22602 nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
22603 ft_event->ric_ies))
22604 goto out;
22605
22606 genlmsg_end(msg, hdr);
22607
22608 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
22609 NL80211_MCGRP_MLME, GFP_KERNEL);
22610 return;
22611 out:
22612 nlmsg_free(msg);
22613 }
22614 EXPORT_SYMBOL(cfg80211_ft_event);
22615
cfg80211_crit_proto_stopped(struct wireless_dev * wdev,gfp_t gfp)22616 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
22617 {
22618 struct cfg80211_registered_device *rdev;
22619 struct sk_buff *msg;
22620 void *hdr;
22621 u32 nlportid;
22622
22623 rdev = wiphy_to_rdev(wdev->wiphy);
22624 if (!rdev->crit_proto_nlportid)
22625 return;
22626
22627 nlportid = rdev->crit_proto_nlportid;
22628 rdev->crit_proto_nlportid = 0;
22629
22630 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
22631 if (!msg)
22632 return;
22633
22634 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
22635 if (!hdr)
22636 goto nla_put_failure;
22637
22638 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
22639 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
22640 NL80211_ATTR_PAD))
22641 goto nla_put_failure;
22642
22643 genlmsg_end(msg, hdr);
22644
22645 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
22646 return;
22647
22648 nla_put_failure:
22649 nlmsg_free(msg);
22650 }
22651 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
22652
nl80211_send_ap_stopped(struct wireless_dev * wdev,unsigned int link_id)22653 void nl80211_send_ap_stopped(struct wireless_dev *wdev, unsigned int link_id)
22654 {
22655 struct wiphy *wiphy = wdev->wiphy;
22656 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
22657 struct sk_buff *msg;
22658 void *hdr;
22659
22660 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
22661 if (!msg)
22662 return;
22663
22664 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
22665 if (!hdr)
22666 goto out;
22667
22668 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
22669 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
22670 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
22671 NL80211_ATTR_PAD) ||
22672 (wdev->valid_links &&
22673 nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)))
22674 goto out;
22675
22676 genlmsg_end(msg, hdr);
22677
22678 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
22679 NL80211_MCGRP_MLME, GFP_KERNEL);
22680 return;
22681 out:
22682 nlmsg_free(msg);
22683 }
22684
cfg80211_external_auth_request(struct net_device * dev,struct cfg80211_external_auth_params * params,gfp_t gfp)22685 int cfg80211_external_auth_request(struct net_device *dev,
22686 struct cfg80211_external_auth_params *params,
22687 gfp_t gfp)
22688 {
22689 struct wireless_dev *wdev = dev->ieee80211_ptr;
22690 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
22691 struct sk_buff *msg;
22692 void *hdr;
22693
22694 if (!wdev->conn_owner_nlportid)
22695 return -EINVAL;
22696
22697 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
22698 if (!msg)
22699 return -ENOMEM;
22700
22701 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
22702 if (!hdr)
22703 goto nla_put_failure;
22704
22705 /* Some historical mistakes in drivers <-> userspace interface (notably
22706 * between drivers and wpa_supplicant) led to a big-endian conversion
22707 * being needed on NL80211_ATTR_AKM_SUITES _only_ when its value is
22708 * WLAN_AKM_SUITE_SAE. This is now fixed on userspace side, but for the
22709 * benefit of older wpa_supplicant versions, send this particular value
22710 * in big-endian. Note that newer wpa_supplicant will also detect this
22711 * particular value in big endian still, so it all continues to work.
22712 */
22713 if (params->key_mgmt_suite == WLAN_AKM_SUITE_SAE) {
22714 if (nla_put_be32(msg, NL80211_ATTR_AKM_SUITES,
22715 cpu_to_be32(WLAN_AKM_SUITE_SAE)))
22716 goto nla_put_failure;
22717 } else {
22718 if (nla_put_u32(msg, NL80211_ATTR_AKM_SUITES,
22719 params->key_mgmt_suite))
22720 goto nla_put_failure;
22721 }
22722
22723 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
22724 nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
22725 nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
22726 params->action) ||
22727 nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
22728 nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
22729 params->ssid.ssid) ||
22730 (!is_zero_ether_addr(params->mld_addr) &&
22731 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN, params->mld_addr)))
22732 goto nla_put_failure;
22733
22734 genlmsg_end(msg, hdr);
22735 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
22736 wdev->conn_owner_nlportid);
22737 return 0;
22738
22739 nla_put_failure:
22740 nlmsg_free(msg);
22741 return -ENOBUFS;
22742 }
22743 EXPORT_SYMBOL(cfg80211_external_auth_request);
22744
cfg80211_update_owe_info_event(struct net_device * netdev,struct cfg80211_update_owe_info * owe_info,gfp_t gfp)22745 void cfg80211_update_owe_info_event(struct net_device *netdev,
22746 struct cfg80211_update_owe_info *owe_info,
22747 gfp_t gfp)
22748 {
22749 struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
22750 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
22751 struct sk_buff *msg;
22752 void *hdr;
22753
22754 trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
22755
22756 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
22757 if (!msg)
22758 return;
22759
22760 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
22761 if (!hdr)
22762 goto nla_put_failure;
22763
22764 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
22765 nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
22766 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
22767 goto nla_put_failure;
22768
22769 if (!owe_info->ie_len ||
22770 nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
22771 goto nla_put_failure;
22772
22773 if (owe_info->assoc_link_id != -1) {
22774 if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID,
22775 owe_info->assoc_link_id))
22776 goto nla_put_failure;
22777
22778 if (!is_zero_ether_addr(owe_info->peer_mld_addr) &&
22779 nla_put(msg, NL80211_ATTR_MLD_ADDR, ETH_ALEN,
22780 owe_info->peer_mld_addr))
22781 goto nla_put_failure;
22782 }
22783
22784 genlmsg_end(msg, hdr);
22785
22786 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
22787 NL80211_MCGRP_MLME, gfp);
22788 return;
22789
22790 nla_put_failure:
22791 genlmsg_cancel(msg, hdr);
22792 nlmsg_free(msg);
22793 }
22794 EXPORT_SYMBOL(cfg80211_update_owe_info_event);
22795
cfg80211_schedule_channels_check(struct wireless_dev * wdev)22796 void cfg80211_schedule_channels_check(struct wireless_dev *wdev)
22797 {
22798 struct wiphy *wiphy = wdev->wiphy;
22799
22800 /* Schedule channels check if NO_IR or DFS relaxations are supported */
22801 if (wdev->iftype == NL80211_IFTYPE_STATION &&
22802 (wiphy_ext_feature_isset(wiphy,
22803 NL80211_EXT_FEATURE_DFS_CONCURRENT) ||
22804 (IS_ENABLED(CONFIG_CFG80211_REG_RELAX_NO_IR) &&
22805 wiphy->regulatory_flags & REGULATORY_ENABLE_RELAX_NO_IR)))
22806 reg_check_channels();
22807 }
22808 EXPORT_SYMBOL(cfg80211_schedule_channels_check);
22809
cfg80211_epcs_changed(struct net_device * netdev,bool enabled)22810 void cfg80211_epcs_changed(struct net_device *netdev, bool enabled)
22811 {
22812 struct wireless_dev *wdev = netdev->ieee80211_ptr;
22813 struct wiphy *wiphy = wdev->wiphy;
22814 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
22815 struct sk_buff *msg;
22816 void *hdr;
22817
22818 trace_cfg80211_epcs_changed(wdev, enabled);
22819
22820 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
22821 if (!msg)
22822 return;
22823
22824 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EPCS_CFG);
22825 if (!hdr) {
22826 nlmsg_free(msg);
22827 return;
22828 }
22829
22830 if (enabled && nla_put_flag(msg, NL80211_ATTR_EPCS))
22831 goto nla_put_failure;
22832
22833 genlmsg_end(msg, hdr);
22834 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
22835 NL80211_MCGRP_MLME, GFP_KERNEL);
22836 return;
22837
22838 nla_put_failure:
22839 nlmsg_free(msg);
22840 }
22841 EXPORT_SYMBOL(cfg80211_epcs_changed);
22842
cfg80211_next_nan_dw_notif(struct wireless_dev * wdev,struct ieee80211_channel * chan,gfp_t gfp)22843 void cfg80211_next_nan_dw_notif(struct wireless_dev *wdev,
22844 struct ieee80211_channel *chan, gfp_t gfp)
22845 {
22846 struct wiphy *wiphy = wdev->wiphy;
22847 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
22848 struct sk_buff *msg;
22849 void *hdr;
22850
22851 trace_cfg80211_next_nan_dw_notif(wdev, chan);
22852
22853 if (!wdev->owner_nlportid)
22854 return;
22855
22856 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
22857 if (!msg)
22858 return;
22859
22860 hdr = nl80211hdr_put(msg, 0, 0, 0,
22861 NL80211_CMD_NAN_NEXT_DW_NOTIFICATION);
22862 if (!hdr)
22863 goto nla_put_failure;
22864
22865 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
22866 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
22867 NL80211_ATTR_PAD) ||
22868 nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq))
22869 goto nla_put_failure;
22870
22871 genlmsg_end(msg, hdr);
22872
22873 genlmsg_unicast(wiphy_net(wiphy), msg, wdev->owner_nlportid);
22874
22875 return;
22876
22877 nla_put_failure:
22878 nlmsg_free(msg);
22879 }
22880 EXPORT_SYMBOL(cfg80211_next_nan_dw_notif);
22881
cfg80211_nan_cluster_joined(struct wireless_dev * wdev,const u8 * cluster_id,bool new_cluster,gfp_t gfp)22882 void cfg80211_nan_cluster_joined(struct wireless_dev *wdev,
22883 const u8 *cluster_id, bool new_cluster,
22884 gfp_t gfp)
22885 {
22886 struct wiphy *wiphy = wdev->wiphy;
22887 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
22888 struct sk_buff *msg;
22889 void *hdr;
22890
22891 trace_cfg80211_nan_cluster_joined(wdev, cluster_id, new_cluster);
22892
22893 memcpy(wdev->u.nan.cluster_id, cluster_id, ETH_ALEN);
22894
22895 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
22896 if (!msg)
22897 return;
22898
22899 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_CLUSTER_JOINED);
22900 if (!hdr)
22901 goto nla_put_failure;
22902
22903 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
22904 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
22905 NL80211_ATTR_PAD) ||
22906 nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cluster_id) ||
22907 (new_cluster && nla_put_flag(msg, NL80211_ATTR_NAN_NEW_CLUSTER)))
22908 goto nla_put_failure;
22909
22910 genlmsg_end(msg, hdr);
22911
22912 if (!wdev->owner_nlportid)
22913 genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy),
22914 msg, 0, NL80211_MCGRP_NAN, gfp);
22915 else
22916 genlmsg_unicast(wiphy_net(wiphy), msg,
22917 wdev->owner_nlportid);
22918 return;
22919
22920 nla_put_failure:
22921 nlmsg_free(msg);
22922 }
22923 EXPORT_SYMBOL(cfg80211_nan_cluster_joined);
22924
cfg80211_nan_ulw_update(struct wireless_dev * wdev,const u8 * ulw,size_t ulw_len,gfp_t gfp)22925 void cfg80211_nan_ulw_update(struct wireless_dev *wdev,
22926 const u8 *ulw, size_t ulw_len, gfp_t gfp)
22927 {
22928 struct wiphy *wiphy = wdev->wiphy;
22929 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
22930 struct sk_buff *msg;
22931 void *hdr;
22932
22933 trace_cfg80211_nan_ulw_update(wiphy, wdev, ulw, ulw_len);
22934
22935 if (!wdev->owner_nlportid)
22936 return;
22937
22938 /* 32 for the wiphy idx, 64 for the wdev id, 100 for padding */
22939 msg = nlmsg_new(nla_total_size(sizeof(u32)) +
22940 nla_total_size(ulw_len) +
22941 nla_total_size(sizeof(u64)) + 100,
22942 gfp);
22943 if (!msg)
22944 return;
22945
22946 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_ULW_UPDATE);
22947 if (!hdr)
22948 goto nla_put_failure;
22949
22950 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
22951 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
22952 NL80211_ATTR_PAD) ||
22953 (ulw && ulw_len &&
22954 nla_put(msg, NL80211_ATTR_NAN_ULW, ulw_len, ulw)))
22955 goto nla_put_failure;
22956
22957 genlmsg_end(msg, hdr);
22958
22959 genlmsg_unicast(wiphy_net(wiphy), msg, wdev->owner_nlportid);
22960
22961 return;
22962
22963 nla_put_failure:
22964 nlmsg_free(msg);
22965 }
22966 EXPORT_SYMBOL(cfg80211_nan_ulw_update);
22967
cfg80211_nan_channel_evac(struct wireless_dev * wdev,const struct cfg80211_chan_def * chandef,gfp_t gfp)22968 void cfg80211_nan_channel_evac(struct wireless_dev *wdev,
22969 const struct cfg80211_chan_def *chandef,
22970 gfp_t gfp)
22971 {
22972 struct wiphy *wiphy = wdev->wiphy;
22973 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
22974 struct sk_buff *msg;
22975 struct nlattr *chan_attr;
22976 void *hdr;
22977
22978 trace_cfg80211_nan_channel_evac(wiphy, wdev, chandef);
22979
22980 if (!wdev->owner_nlportid)
22981 return;
22982
22983 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
22984 if (!msg)
22985 return;
22986
22987 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_CHANNEL_EVAC);
22988 if (!hdr)
22989 goto nla_put_failure;
22990
22991 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
22992 nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
22993 NL80211_ATTR_PAD))
22994 goto nla_put_failure;
22995
22996 chan_attr = nla_nest_start(msg, NL80211_ATTR_NAN_CHANNEL);
22997 if (!chan_attr)
22998 goto nla_put_failure;
22999
23000 if (nl80211_send_chandef(msg, chandef))
23001 goto nla_put_failure;
23002
23003 nla_nest_end(msg, chan_attr);
23004
23005 genlmsg_end(msg, hdr);
23006
23007 genlmsg_unicast(wiphy_net(wiphy), msg, wdev->owner_nlportid);
23008
23009 return;
23010
23011 nla_put_failure:
23012 nlmsg_free(msg);
23013 }
23014 EXPORT_SYMBOL(cfg80211_nan_channel_evac);
23015
23016 /* initialisation/exit functions */
23017
nl80211_init(void)23018 int __init nl80211_init(void)
23019 {
23020 int err;
23021
23022 err = genl_register_family(&nl80211_fam);
23023 if (err)
23024 return err;
23025
23026 err = netlink_register_notifier(&nl80211_netlink_notifier);
23027 if (err)
23028 goto err_out;
23029
23030 return 0;
23031 err_out:
23032 genl_unregister_family(&nl80211_fam);
23033 return err;
23034 }
23035
nl80211_exit(void)23036 void nl80211_exit(void)
23037 {
23038 netlink_unregister_notifier(&nl80211_netlink_notifier);
23039 genl_unregister_family(&nl80211_fam);
23040 }
23041